CVE-2024-39771
MEDIUMSafie QBiC CLOUD CC-2L < 1.1.30 & Safie One < 1.8.2 - MITM via Improper Certificate Validation
Title source: llmDescription
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.
References (2)
Core 2
Core References
Third Party Advisory
https://jvn.jp/en/jp/JVN83440451/
Vendor Advisory
https://safie.jp/information/post_6933/
Scores
CVSS v3
6.8
EPSS
0.0012
EPSS Percentile
2.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-295
Status
published
Products (2)
safie/qbic_cloud_cc-2\/2l_firmware
< 1.1.30
safie/safie_one_firmware
< 1.8.2
Published
Aug 28, 2024
Tracked Since
Feb 18, 2026