Vulnerabilities > CVE-2024-0317 - Unspecified vulnerability in Fireeye products

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

fireeye

NVD

Published: 2024-01-15

Updated: 2024-11-21

Summary

Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.

Vulnerable Configurations

Part	Description	Count
OS	Fireeye Fireeye EX 5500 Firmwarea 9.0.3.936727 Fireeye EX 8500 Firmware 9.0.3.936727 Fireeye EX 3500 Firmware 9.0.3.936727	3
Hardware	Fireeye Fireeye EX 5500 - Fireeye EX 8500 - Fireeye EX 3500 -	3

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products