CVE-2024-23766
Published: 26 June 2024
Summary
CVE-2024-23766 is a high-severity Use of HTTP Request With Sensitive Query String (CWE-598) vulnerability in Sensepost (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 48.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-21219
Vulnerability details
An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus gateway (or at least most of its modules). An attacker can use this feature to carry out a denial of service attack by continuously sending GET requests to that URL.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Protects sensitive data placed in query strings from interception in transit when confidentiality controls like HTTPS are enforced.