CVERadar

CVE-2024-38465

High Severity

Guoxinled

SVRS

52/100

CVSSv3

5.3/10

EPSS

0.00099/1

CVE-2024-38465 is a username enumeration vulnerability in Shenzhen Guoxin Synthesis image systems before version 8.3.0. This flaw allows attackers to identify valid usernames by observing differences in the server's response to incorrect username attempts versus general error messages. While the CVSS score is 5.3, indicating medium severity, the SOCRadar Vulnerability Risk Score (SVRS) of 52 suggests a moderate level of risk. Although it is not considered critical (SVRS above 80), the fact that it is "In The Wild" increases the urgency. Successful exploitation of this vulnerability can lead to further security breaches by facilitating targeted attacks. By knowing valid usernames, attackers can then focus their efforts on password cracking or other methods of unauthorized access. Organizations using affected versions should prioritize upgrading their systems to version 8.3.0 or later to mitigate this risk and prevent potential security compromises. Regular monitoring and patching are critical for maintaining a strong security posture.

TAGS

In The Wild

VECTOR STRING

CVSS:3.1

AV:N

AC:L

PR:N

UI:N

S:U

C:L

I:N

A:N

PUBLICATION DATE2024-06-16

LAST MODIFIED2025-03-14

SOCRadar

AI Insight

Description

CVE-2024-38465 is a username enumeration vulnerability in Shenzhen Guoxin Synthesis image system versions prior to 8.3.0. This vulnerability arises due to a discrepancy in the system's response when handling incorrect usernames versus errors.

Key Insights

SVRS Score: 34 indicates a moderate risk, highlighting the need for attention and monitoring.
Exploit Status: No active exploits have been published yet.
Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued any warnings regarding this vulnerability.

Mitigation Strategies

Update the Shenzhen Guoxin Synthesis image system to version 8.3.0 or later.
Implement strong password policies and enforce multi-factor authentication.
Monitor network traffic for suspicious activity and implement intrusion detection systems.
Regularly review and patch all software and systems to address any potential vulnerabilities.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-38465 | Shenzhen Guoxin Synthesis Image System up to 8.2.x Username information exposure

vuldb.com2024-06-16

CVE-2024-38465 | Shenzhen Guoxin Synthesis Image System up to 8.2.x Username information exposure | A vulnerability, which was classified as problematic, was found in Shenzhen Guoxin Synthesis Image System up to 8.2.x. This affects an unknown part of the component Username Handler. The manipulation leads to information exposure through error message. This vulnerability is uniquely identified as CVE-2024-38465. The attack

cve-2024-38465

domains

urls

cves

Social Media

Oktsec

@oktsec

2024-07-24

🚨 CVE-2024-38465: Shenzhen Guoxin Synthesis Image System up to 8.2.x exposes usernames via error messages. Risk: Problematic info disclosure. Upgrade affected systems immediately to mitigate. #InfoSec #VulnerabilityAlert

CVE

@CVEnew

2024-06-16

CVE-2024-38465 Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error. https://t.co/oQQWnMd698

Affected Software

Configuration 1

Type	Vendor	Product
App	Guoxinled	synthesis_image_system

References

Reference	Link
[email protected]	https://github.com/Pumpkin-ito/Cve-Vuln/blob/main/Guosen%20synthetic%20imaging%20system%20vulnerability.pdf
AF854A3A-2127-422B-91AE-364DA2661108	https://github.com/Pumpkin-ito/Cve-Vuln/blob/main/Guosen%20synthetic%20imaging%20system%20vulnerability.pdf
[email protected]	https://github.com/Pumpkin-ito/Cve-Vuln/blob/main/Guosen%20synthetic%20imaging%20system%20vulnerability.pdf

CWE Details

CWE ID	CWE Name	Description
CWE-203	Observable Discrepancy	The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence