CVE-2024-42919

CRITICAL

eScan Management Console <14.0.1400.2281 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-42919. PoCs published by jeyabalaji711.

AI-analyzed exploit summary: The repository describes an incorrect access control vulnerability in eScan Management Console, where the 'acteScanAVReport' endpoint is accessible without authentication. It provides steps to reproduce the issue but lacks exploit code.

Description

eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.

Exploits (1)

nomisec WRITEUP 1 star
by jeyabalaji711 · poc
https://github.com/jeyabalaji711/CVE-2024-42919

Classification: Writeup 80%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: eScan Management Console 14.0.1400.2281
No auth needed
Prerequisites: Access to the eScan Management Console endpoint
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Exploit, Mitigation, Third Party Advisory
https://github.com/jeyabalaji711/CVE-2024-42919

Scores

CVSS v3 9.8
EPSS 0.0101
EPSS Percentile 58.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-284
Status published
Products (1)
escanav/escan_management_console 14.0.1400.2281
Published Aug 20, 2024
Tracked Since Feb 18, 2026