Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-3461

Summary
Assigner-CERT-PL
Assigner Org ID-4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At-09 May, 2024 | 10:14
Updated At-01 Aug, 2024 | 20:12
Rejected At-
Credits

KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERT-PL
Assigner Org ID:4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At:09 May, 2024 | 10:14
Updated At:01 Aug, 2024 | 20:12
Rejected At:
▼CVE Numbering Authority (CNA)

KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.

Affected Products
Vendor
Kioware
Product
Kioware
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • From 0 through 8.35 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-307CWE-307 Improper Restriction of Excessive Authentication Attempts
Type: CWE
CWE ID: CWE-307
Description: CWE-307 Improper Restriction of Excessive Authentication Attempts
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-112CAPEC-112 Brute Force
CAPEC ID: CAPEC-112
Description: CAPEC-112 Brute Force
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Maksymilian Kubiak [Afine Team]
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.pl/posts/2024/04/CVE-2024-3459
third-party-advisory
https://cert.pl/en/posts/2024/04/CVE-2024-3459
third-party-advisory
https://www.kioware.com/
product
Hyperlink: https://cert.pl/posts/2024/04/CVE-2024-3459
Resource:
third-party-advisory
Hyperlink: https://cert.pl/en/posts/2024/04/CVE-2024-3459
Resource:
third-party-advisory
Hyperlink: https://www.kioware.com/
Resource:
product
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.pl/posts/2024/04/CVE-2024-3459
third-party-advisory
x_transferred
https://cert.pl/en/posts/2024/04/CVE-2024-3459
third-party-advisory
x_transferred
https://www.kioware.com/
product
x_transferred
Hyperlink: https://cert.pl/posts/2024/04/CVE-2024-3459
Resource:
third-party-advisory
x_transferred
Hyperlink: https://cert.pl/en/posts/2024/04/CVE-2024-3459
Resource:
third-party-advisory
x_transferred
Hyperlink: https://www.kioware.com/
Resource:
product
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cvd@cert.pl
Published At:14 May, 2024 | 15:41
Updated At:12 Feb, 2025 | 15:37

KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
kioware
kioware
>>kioware>>Versions up to 8.35(inclusive)
cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-307Secondarycvd@cert.pl
CWE-307Primarynvd@nist.gov
CWE ID: CWE-307
Type: Secondary
Source: cvd@cert.pl
CWE ID: CWE-307
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert.pl/en/posts/2024/04/CVE-2024-3459cvd@cert.pl
Broken Link
Third Party Advisory
https://cert.pl/posts/2024/04/CVE-2024-3459cvd@cert.pl
Broken Link
Third Party Advisory
https://www.kioware.com/cvd@cert.pl
Product
https://cert.pl/en/posts/2024/04/CVE-2024-3459af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
https://cert.pl/posts/2024/04/CVE-2024-3459af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
https://www.kioware.com/af854a3a-2127-422b-91ae-364da2661108
Product
Hyperlink: https://cert.pl/en/posts/2024/04/CVE-2024-3459
Source: cvd@cert.pl
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://cert.pl/posts/2024/04/CVE-2024-3459
Source: cvd@cert.pl
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://www.kioware.com/
Source: cvd@cert.pl
Resource:
Product
Hyperlink: https://cert.pl/en/posts/2024/04/CVE-2024-3459
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://cert.pl/posts/2024/04/CVE-2024-3459
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://www.kioware.com/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2022-28384
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.28%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.

Action-Not Available
Vendor-verbatimn/a
Product-keypad_secure_usb_3.2_gen_1keypad_secure_usb_3.2_gen_1_firmwarestore_\'n\'_go_secure_portable_hddstore_\'n\'_go_secure_portable_hdd_firmwaren/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-26519
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.53%
||
7 Day CHG~0.00%
Published-20 Apr, 2022 | 15:30
Updated-16 Apr, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Interlogix Hills ComNav Improper Restriction of Excessive Authentication Attempts

There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials.

Action-Not Available
Vendor-carrierInterlogix
Product-hills_comnav_firmwarehills_comnavHills ComNav
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2017-16900
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.90%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 17:39
Updated-05 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force.

Action-Not Available
Vendor-hunesionn/a
Product-i-onenetn/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-15770
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 13:23
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins.

Action-Not Available
Vendor-n/aGradle, Inc.
Product-enterprisen/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2019-5263
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.70%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 19:20
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-hisuitehwbackupHiSuite, HwBackup
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2024-1345
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 7.40%
||
7 Day CHG~0.00%
Published-19 Feb, 2024 | 11:20
Updated-24 Mar, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak MySQL database root password in LaborOfficeFree

Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.

Action-Not Available
Vendor-laborofficefreeLaborOfficeFreeprgtec
Product-laborofficefreeLaborOfficeFree laborofficefree
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CWE ID-CWE-521
Weak Password Requirements
CVE-2020-4891
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 9.97%
||
7 Day CHG~0.00%
Published-16 Mar, 2021 | 13:55
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account lockout setting that could allow a local user er to brute force Rest API account credentials. IBM X-Force ID: 190974.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
Details not found