FKIE_CVE-2024-6203

Vulnerability from fkie_nvd - Published: 2024-08-06 06:15 - Updated: 2024-08-29 17:46
Severity
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim's account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.
References
vulnerability@ncsc.chhttps://haloitsm.com/guides/article/?kbid=2155Vendor Advisory
Impacted products
Vendor Product Version
haloservicesolutions haloitsm *
haloservicesolutions haloitsm *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C394C94-9968-465E-98B9-7BC8429BAD67",
              "versionEndExcluding": "2.143.61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:haloservicesolutions:haloitsm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBD3BDE-57DA-41C9-821A-F8C6A8864FC7",
              "versionEndExcluding": "2.146.1",
              "versionStartIncluding": "2.144",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim\u0027s account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability."
    },
    {
      "lang": "es",
      "value": "Las versiones de HaloITSM hasta 2.146.1 se ven afectadas por una vulnerabilidad de envenenamiento por restablecimiento de contrase\u00f1a. Se pueden enviar enlaces de restablecimiento de contrase\u00f1a envenenados a usuarios existentes de HaloITSM (siempre que se conozca su direcci\u00f3n de correo electr\u00f3nico). Cuando se accede a estos enlaces envenenados (por ejemplo, manualmente por parte de la v\u00edctima o autom\u00e1ticamente mediante un software de cliente de correo electr\u00f3nico), el token de restablecimiento de contrase\u00f1a se filtra al actor malintencionado, lo que le permite establecer una nueva contrase\u00f1a para la cuenta de la v\u00edctima. Esto potencialmente conduce a la apropiaci\u00f3n de la cuenta. Las versiones de attack.HaloITSM posteriores a la 2.146.1 (y los parches a partir de la 2.143.61) corrigen la vulnerabilidad mencionada."
    }
  ],
  "id": "CVE-2024-6203",
  "lastModified": "2024-08-29T17:46:28.790",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "vulnerability@ncsc.ch",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-06T06:15:35.727",
  "references": [
    {
      "source": "vulnerability@ncsc.ch",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://haloitsm.com/guides/article/?kbid=2155"
    }
  ],
  "sourceIdentifier": "vulnerability@ncsc.ch",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "vulnerability@ncsc.ch",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.