CVE-2024-50380 HIGH

CVE-2024-50380: Authentication Bypass by Spoofing in Snap One OVRC cloud

Vendor Snap One
Product OVRC cloud
Weakness CWE-290
Published December 2, 2024
Last update December 2, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device.

Key dates

02Disclosure timeline

December 2, 2024 CVE published
December 2, 2024 Record updated

Related vulnerabilities

04Related CVE