CVE-2024-41108 — HIGH (7.5)

Q: How severe is CVE-2024-41108?

CVE-2024-41108 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-41108?

Check the references section above for vendor advisories and patch information. Affected products include: Fogproject Fogproject.

Vulnerability Description

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that host. Otherwise, an error message containing "Invalid tasking!" will be returned. The domainpassword in the hostinfo dump is hidden even to authenticated users, as it is displayed as a row of asterisks when navigating to the host's Active Directory settings. This vulnerability is fixed in 1.5.10.41.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Fogproject	Fogproject	>= 1.5.10, < 1.5.10.41

Related Weaknesses (CWE)

CWE-200 CWE-862

References

FAQ

What is CVE-2024-41108?

CVE-2024-41108 is a vulnerability with a CVSS score of 7.5 (HIGH). FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the co...

How severe is CVE-2024-41108?

CVE-2024-41108 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-41108?

Check the references section above for vendor advisories and patch information. Affected products include: Fogproject Fogproject.