CVE-2024-45788

High

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An…

CERT-In·CWE-799·Published 2024-09-11

CVSS

7.5

EPSS

0.00

KEV

Exploits

cve.orgen

329 chars

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system.

NVDen

329 chars

NVDes

395 chars

Esta vulnerabilidad existe en la versión 2.0.1 de Reedos aiM-Star debido a la falta de limitación de velocidad en las solicitudes OTP en determinados endpoints de API. Un atacante remoto autenticado podría aprovechar esta vulnerabilidad enviando múltiples solicitudes OTP a través de endpoints de API vulnerables, lo que podría provocar un bombardeo o inundación de OTP en el sistema de destino.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0	Primary	cve.org	8.7	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N