Skip to the content.

CVE-2024-27120

Local File Inclusion in ComfortKey before version 24.1.2

CVE CVE-2024-27120
Title Local File Inclusion in ComfortKey before version 24.1.2
Credits
Affected products
Product Affected Unaffected Unknown
Celsius Benelux ComfortKey >= * to < 24.1.2 ()
everything else
CVSS
Base score 7.7 - HIGH
Attack Vector NETWORK
Attack Complexity> LOW
Attack Requirements NONE
Privileges Required NONE
Confidentiality Impact
Vulnerable system LOW Subsequent systems HIGH
Integrity Impact
Vulnerable system NONE Subsequent systems NONE
Availability Impact
Vulnerable system NONE Subsequent systems NONE
Safety impact PRESENT
Automatable YES
Recovery USER
Value Density CONCENTRATED
Vulnerability Response effort MODERATE
Provider Urgency RED
References
Problem type(s) CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Impact(s) CAPEC-126 Path Traversal
Date published
Last modified

Description

A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.


JSON version.