CVE-2024-48939

EUVD-2024-43185
Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Common Weakness Enumeration
References
https://github.com/gitaware/CVE/blob/main/CVE-2024-48939/20241020_vuln_discl_paxton_API_license.pdf
https://paxton-access.co.uk
https://seclists.org/fulldisclosure/2024/Oct/3
http://seclists.org/fulldisclosure/2024/Oct/3