CVE-2024-3461

KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert.pl/en/posts/2024/04/CVE-2024-3459	Broken Link Third Party Advisory
https://cert.pl/posts/2024/04/CVE-2024-3459	Broken Link Third Party Advisory
https://www.kioware.com/	Product
https://cert.pl/en/posts/2024/04/CVE-2024-3459	Broken Link Third Party Advisory
https://cert.pl/posts/2024/04/CVE-2024-3459	Broken Link Third Party Advisory
https://www.kioware.com/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*

History

No history.

Information

Published : 2024-05-14 15:41

Updated : 2025-02-12 15:37

NVD link : CVE-2024-3461

Mitre link : CVE-2024-3461

CVE.ORG link : CVE-2024-3461

JSON object : View

Products Affected

kioware

kioware

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

{"id": "CVE-2024-3461", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-14T15:41:13.350", "references": [{"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://cert.pl/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.kioware.com/", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert.pl/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kioware.com/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-307"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "KioWare for Windows (versions all through 8.35)\u00a0allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.\n"}, {"lang": "es", "value": "KioWare para Windows (versiones hasta 8.35) permite forzar el n\u00famero PIN por fuerza bruta, lo que protege la aplicaci\u00f3n contra el cierre, ya que no existen mecanismos que impidan que un usuario adivine excesivamente el n\u00famero."}], "lastModified": "2025-02-12T15:37:59.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "FA48DE1E-8A39-439D-BE91-A8FA7E84C1D7", "versionEndIncluding": "8.35"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}