CVE-2024-6424 — CRITICAL (9.3)

Q: How severe is CVE-2024-6424?

CVE-2024-6424 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-6424?

Check the references section above for vendor advisories and patch information. Affected products include: Mesbook Mesbook.

Vulnerability Description

External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=<ARCHIVO|URL INTERNA|IP/HOST" to read the source code of web files, read internal files or access network resources.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Mesbook	Mesbook	20221021.03

Related Weaknesses (CWE)

CWE-918

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-Third Party Advisory

FAQ

What is CVE-2024-6424?

CVE-2024-6424 is a vulnerability with a CVSS score of 9.3 (CRITICAL). External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=<FILE|I...

How severe is CVE-2024-6424?

CVE-2024-6424 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-6424?

Check the references section above for vendor advisories and patch information. Affected products include: Mesbook Mesbook.