CVE-2024-7007

Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:positron:tra7005_firmware:1.20:*:*:*:*:*:*:*

cpe:2.3:h:positron:tra7005:*:*:*:*:*:*:*:*

History

26 Aug 2024, 16:40

Type	Values Removed	Values Added
CWE		CWE-306
CPE		cpe:2.3:o:positron:tra7005_firmware:1.20:::::::* cpe:2.3:h:positron:tra7005::::::::
First Time		Positron tra7005 Firmware Positron Positron tra7005
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02 - Third Party Advisory, US Government Resource

26 Jul 2024, 12:38

Type	Values Removed	Values Added
Summary		(es) El procesador de señal de transmisión Positron TRA7005 v1.20 es vulnerable a un exploit de omisión de autenticación que podría permitir a un atacante tener acceso no autorizado a áreas protegidas de la aplicación.

25 Jul 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-25 17:15

Updated : 2024-08-26 16:40

NVD link : CVE-2024-7007

Mitre link : CVE-2024-7007

CVE.ORG link : CVE-2024-7007

JSON object : View

Products Affected

positron

tra7005_firmware
tra7005

CWE

CWE-306

Missing Authentication for Critical Function

CWE-288

Authentication Bypass Using an Alternate Path or Channel

{"id": "CVE-2024-7007", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-25T17:15:11.837", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application."}, {"lang": "es", "value": "El procesador de se\u00f1al de transmisi\u00f3n Positron TRA7005 v1.20 es vulnerable a un exploit de omisi\u00f3n de autenticaci\u00f3n que podr\u00eda permitir a un atacante tener acceso no autorizado a \u00e1reas protegidas de la aplicaci\u00f3n."}], "lastModified": "2024-08-26T16:40:44.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:positron:tra7005_firmware:1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "623FC0F9-35EF-4150-B8BA-5D6FEBE33A30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:positron:tra7005:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E709DBE6-A982-48BB-B699-B1D2DC5FBB9B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}