CVE-2024-25152

CVSS 3.1 Score 9.0 of 10 (high)

Details

Published Feb 21, 2024

Updated: Feb 22, 2024

CWE ID 79

Summary

CVE-2024-26135 is a cross-site websocket hijacking (CSWSH) vulnerability affecting MeshCentral, a full computer management website. This issue lies within the control.ashx endpoint, which is responsible for administrative actions on the server. The vulnerability is exploited when a user clicks on a malicious link leading to an attacker-controlled site. An attacker can then establish a cross-site websocket connection posing as the victim user within MeshCentral, potentially gaining unauthorized access. MeshCentral version 1.1.21 includes a patch to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ua2fGZ
https://www.cve.org/CVERecord?id=CVE-2024-25152
https://nvd.nist.gov/vuln/detail/CVE-2024-25152

Back to Vulnerability Database

CVE-2024-25152

CVSS 3.1 Score 9.0 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations