CVE-2024-8891

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 18, 2024
Updated: Sep 20, 2024
CWE ID 359

Summary

CVE-2024-8891 affects CIRCUTOR Q-SMT firmware version 1.0.4 and could allow an unauthorized attacker to enumerate valid users without prior knowledge of the application’s user base. The vulnerability is rated medium severity, with a CVSS score of 5.3, and has a low confidentiality impact: its main effect is to let an attacker build a dictionary of usernames by analyzing server responses. To mitigate this risk, organizations should update their firmware to the latest version provided by CIRCUTOR and implement additional security measures, such as rate limiting on user login attempts. The attack vector is network-based and requires no special privileges or user interaction, which increases the potential for exploitation. Although the vulnerability has no integrity or availability impact, it should still be addressed promptly to protect sensitive user information.
