CVE-2024-36389 - Vulnerability Details - OpenCVE

MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Milesight	Devicehub

Configuration 1 [-]

AND

cpe:2.3:a:milesight:devicehub:3.0.1-r1:*:*:*:regular:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:-:*:*:*

No data.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

Thu, 10 Apr 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Canonical Canonical ubuntu Linux Milesight Milesight devicehub
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:milesight:devicehub:3.0.1-r1::::regular::: cpe:2.3:o:canonical:ubuntu_linux:20.04::::-:::
Vendors & Products		Canonical Canonical ubuntu Linux Milesight Milesight devicehub

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2024-06-02T13:21:11.748Z

Updated: 2024-08-02T03:37:04.960Z

Reserved: 2024-05-27T13:04:44.110Z

Link: CVE-2024-36389

Vulnrichment

Updated: 2024-08-02T03:37:04.960Z

NVD

Status : Analyzed

Published: 2024-06-02T14:15:08.933

Modified: 2025-04-10T19:12:00.540

Link: CVE-2024-36389

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36389", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "state": "PUBLISHED", "assignerShortName": "INCD", "dateReserved": "2024-05-27T13:04:44.110Z", "datePublished": "2024-06-02T13:21:11.748Z", "dateUpdated": "2024-08-02T03:37:04.960Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DeviceHub", "vendor": "MileSight", "versions": [{"lessThan": "Upgrade to the latest version.", "status": "affected", "version": "v3.0.1-r1 for Ubuntu 20.04", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Claroty Research \u2013 Team 82"}], "datePublic": "2024-06-02T13:10:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>MileSight DeviceHub - <span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</p><br>\n\n"}], "value": "MileSight DeviceHub - \n\n\n\n\n\nCWE-330 Use of Insufficiently Random Values may allow Authentication Bypass"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-06-02T13:21:11.748Z"}, "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "source": {"advisory": "ILVN-2024-0158", "discovery": "UNKNOWN"}, "title": "MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "milesight", "product": "devicehub", "cpes": ["cpe:2.3:a:milesight:devicehub:3.0.1-r1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0.1-r1", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-03T15:47:51.777014Z", "id": "CVE-2024-36389", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T16:24:23.066Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:04.960Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:04.960Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36389", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T15:47:51.777014Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:milesight:devicehub:3.0.1-r1:*:*:*:*:*:*:*"], "vendor": "milesight", "product": "devicehub", "versions": [{"status": "affected", "version": "3.0.1-r1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T15:48:22.458Z"}}], "cna": {"title": "MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values", "source": {"advisory": "ILVN-2024-0158", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Claroty Research \u2013 Team 82"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MileSight", "product": "DeviceHub", "versions": [{"status": "affected", "version": "v3.0.1-r1 for Ubuntu 20.04", "lessThan": "Upgrade to the latest version.", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-06-02T13:10:00.000Z", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "MileSight DeviceHub - \n\n\n\n\n\nCWE-330 Use of Insufficiently Random Values may allow Authentication Bypass", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>MileSight DeviceHub - <span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</p><br>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-06-02T13:21:11.748Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36389", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:37:04.960Z", "dateReserved": "2024-05-27T13:04:44.110Z", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "datePublished": "2024-06-02T13:21:11.748Z", "assignerShortName": "INCD"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:milesight:devicehub:3.0.1-r1:*:*:*:regular:*:*:*", "matchCriteriaId": "E2F3586F-AC6E-4771-8E66-36857435ED25", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:-:*:*:*", "matchCriteriaId": "652F5027-4436-458C-84FD-7AD89B489BAA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MileSight DeviceHub - \n\n\n\n\n\nCWE-330 Use of Insufficiently Random Values may allow Authentication Bypass"}, {"lang": "es", "value": "MileSight DeviceHub: CWE-330 El uso de valores insuficientemente aleatorios puede permitir la omisi\u00f3n de autenticaci\u00f3n"}], "id": "CVE-2024-36389", "lastModified": "2025-04-10T19:12:00.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cna@cyber.gov.il", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-02T14:15:08.933", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "cna@cyber.gov.il", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}