CVE-2024-42349

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 2, 2024
Updated: Aug 5, 2024
CWE ID 532

Summary

CVE-2024-42349 is a vulnerability affecting FOG, a cloning/imaging/rescue suite and inventory management system. FOG Server versions 1.5.10.41.4 and older have a logging issue: authorized and rejected logins are leaked through the fog_login_accepted.log and fog_login_failed.log files, which are stored directly in the root of the web server. The exposure reveals the user account name, IP address, and User-Agent used during login, posing a potential security risk. The vulnerability has been addressed in version 1.5.10.47.
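A local check for the condition described above, as an added example that is not code from the FOG project or from this advisory. The function names are hypothetical, and the web root path is an assumption the operator supplies, since the advisory does not give it.

```python
"""Local audit for CVE-2024-42349 (added example, not FOG project code)."""
import sys
from pathlib import Path

# File names and version bounds are taken from the advisory text.
LEAKED_LOGS = ("fog_login_accepted.log", "fog_login_failed.log")
LAST_AFFECTED = (1, 5, 10, 41, 4)
FIRST_FIXED = (1, 5, 10, 47)


def parse_version(text):
    """Turn '1.5.10.41.4' into (1, 5, 10, 41, 4); raises ValueError on junk."""
    return tuple(int(part) for part in text.strip().split("."))


def version_status(text):
    """Classify a FOG version string against the advisory's two bounds."""
    version = parse_version(text)
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    # The advisory does not state the status of versions between the bounds.
    return "unknown"


def find_exposed_logs(web_root):
    """Return the login log files that sit directly in the given web root."""
    root = Path(web_root)
    return [name for name in LEAKED_LOGS if (root / name).is_file()]


if __name__ == "__main__":
    # Usage: audit.py <installed FOG version> <path to the FOG web root>
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py VERSION WEB_ROOT")
    status = version_status(sys.argv[1])
    found = find_exposed_logs(sys.argv[2])
    print(f"version {sys.argv[1]}: {status}")
    for name in found:
        print(f"login log present in web root: {name}")
    # Non-zero exit lets a scheduled job or CI step flag the host.
    sys.exit(1 if status != "fixed" or found else 0)
```

Log files left behind by an older install still hold account names, IP addresses, and User-Agent strings after an upgrade, so the file check is worth running even when the version reports as fixed.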
