CVE-2024-5514

{"id": "CVE-2024-5514", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-05-30T03:15:08.467", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7828-c08b8-1.html", "source": "twcert@cert.org.tw"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-798"}, {"lang": "en", "value": "CWE-912"}]}], "descriptions": [{"lang": "en", "value": "MinMax CMS from\u00a0MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs."}, {"lang": "es", "value": "MinMax CMS de MinMax Digital Technology contiene una cuenta de administrador oculta con una contrase\u00f1a fija que no se puede eliminar ni deshabilitar desde la interfaz de administraci\u00f3n. Los atacantes remotos que obtienen esta cuenta pueden eludir las restricciones de control de acceso a IP e iniciar sesi\u00f3n en el sistema backend sin ser registrados en los registros del sistema."}], "lastModified": "2024-05-30T13:15:41.297", "sourceIdentifier": "twcert@cert.org.tw"}