CVE-2024-22647
Published: 30 January 2024
Summary
CVE-2024-22647 is a medium-severity Observable Discrepancy (CWE-203) vulnerability in Seopanel Seo Panel. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Account Discovery (T1087); ranked at the 37.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-20180
Vulnerability details
An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with…
more
valid usernames.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
User enumeration via differing authentication error messages enables account discovery (T1087) and facilitates brute force attacks (T1110) by identifying valid usernames.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Misdirection can normalize or falsify responses to eliminate observable discrepancies that aid reconnaissance.
Observable discrepancies in system behavior can be modulated to create covert storage or timing channels; the required analysis detects and constrains such avenues.
Prevents attackers from using observable differences in error responses to infer internal system details or state.