CVE-2024-50381: Missing Authentication for Critical Function in Snap One OVRC cloud

8.8 CVSS

Description

A vulnerability exists in Snap One OVRC cloud that allows an attacker to impersonate a Hub device and send requests to claim and unclaim devices. The attacker needs only the MAC address of the targeted device to request that it be unclaimed from its original connection and then request to claim it.

Classification

CVE ID: CVE-2024-50381

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

Affected Products

Vendor: Snap One

Product: OVRC cloud

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01

Timeline