CVE-2024-50380: Authentication Bypass by Spoofing in Snap One OVRC cloud

8.7 CVSS

Description

Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device.

Classification

CVE ID: CVE-2024-50380

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

Affected Products

Vendor: Snap One

Product: OVRC cloud

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (when this score was calculated)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01

Timeline