CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-9692

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00092/1

CVE-2024-9692 is a Denial-of-Service (DoS) vulnerability affecting VIMESA VHF/FM Transmitter Blue Plus. This flaw allows an unauthenticated attacker to disrupt transmitter operations by sending an unauthorized HTTP GET request to the 'doreboot' endpoint, causing a restart. With a SOCRadar Vulnerability Risk Score (SVRS) of 30, the urgency is moderate, but the potential impact on broadcast services makes it noteworthy. Although the CVSS score is 0, the SVRS and "In The Wild" tag suggest potential real-world exploitability should be considered. Exploiting this vulnerability can lead to service disruption and potentially impact critical communications. While not immediately critical, proactive mitigation is advised to prevent unauthorized transmitter restarts and maintain operational stability, safeguarding against possible unauthenticated attacks. Mitigation is essential to ensure continuous availability.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-10-24
LAST MODIFIED2024-10-25
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-9692 is a Denial-of-Service (DoS) vulnerability in VIMESA VHF/FM Transmitter Blue Plus. An unauthenticated attacker can exploit this vulnerability by sending an unauthorized HTTP GET request to the unprotected endpoint 'doreboot', causing the transmitter to restart. The SVRS for this CVE is 46, indicating a moderate level of risk.

Key Insights

  • Unauthenticated Attack: The vulnerability can be exploited without the need for authentication, making it easier for attackers to target the device.
  • Remote Exploitation: The vulnerability can be exploited remotely, allowing attackers to target the device from anywhere with internet access.
  • DoS Impact: The vulnerability can cause the transmitter to restart, disrupting its operations and potentially causing loss of service.

Mitigation Strategies

  • Apply Firmware Updates: Install the latest firmware updates from the vendor to patch the vulnerability.
  • Restrict Access: Implement access control measures to prevent unauthorized users from accessing the vulnerable endpoint.
  • Use a Firewall: Configure a firewall to block unauthorized access to the vulnerable endpoint.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity and take appropriate action if any unauthorized requests are detected.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: No active exploits have been published for this vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: There is no evidence that this vulnerability is being actively exploited in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-9692 | VIMESA VHF FM Transmitter Blue Plus 9.7.1 HTTP GET Request denial of service (icsa-24-298-01)
vuldb.com2024-10-25
CVE-2024-9692 | VIMESA VHF FM Transmitter Blue Plus 9.7.1 HTTP GET Request denial of service (icsa-24-298-01) | A vulnerability, which was classified as problematic, was found in VIMESA VHF FM Transmitter Blue Plus 9.7.1. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-9692</a
cve-2024-9692
domains
urls
cves
VIMESA VHF/FM Transmitter Blue Plus
CISA2024-10-24
VIMESA VHF/FM Transmitter Blue Plus | View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: VIMESA <
cve-2024-9692
cisa.gov
rss
forum

Social Media

🚨 CVE-2024-9692: Denial of service vuln in VIMESA VHF FM Transmitter Blue Plus 9.7.1 HTTP GET Request Handler. Impact: System unavailability. Action: Implement restrictive firewalling to mitigate risk until patched. #InfoSec #NetworkSecurity
0
0
0
CVE-2024-9692 VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to… https://t.co/daLaVmoyLL
0
1
1

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-01

CWE Details

CWE IDCWE NameDescription
CWE-284Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence