CVE-2024-48955

HIGH

NetAdmin 4.030319 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-48955. PoCs published by BrotherOfJhonny.

AI-analyzed exploit summary: The repository provides a technical overview of CVE-2024-48955, detailing a broken access control vulnerability in Netadmin 4 IAM (V4.030319) where unauthorized access to administrative functionalities is possible due to improper session validation and unencrypted endpoint responses.

Description

Broken access control in NetAdmin 4.030319: the endpoint that "assembles" the functionality menus returns the functionalities available to the user, the response is not encrypted, and the system does not validate the session's authorization for that data. An attacker can therefore copy that content from the browser of a user with greater privileges and gain access to the functionalities of the user whose data was copied.
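The following is an added illustration of the access-control pattern the description refers to (CWE-284), not NetAdmin code: a menu-assembly endpoint that hands the client its functionality list, and an authorization check that then trusts whatever list the client sends back, so a lower-privileged session can replay a list copied from an administrator's browser. The session store, role names, functionality names and handler names are all assumptions made for the example; the hardened variant shows the check a practitioner would expect, where the allowed set is derived from the server-side session and client-supplied data is ignored.

```python
"""Vulnerable vs. hardened functionality authorization (illustrative only).

Constructed example: none of the identifiers below come from NetAdmin.
"""
from dataclasses import dataclass, field

# Server-side state, constructed for the example.
ROLE_FUNCTIONALITIES = {
    "admin": {"users:list", "users:create", "users:delete", "audit:read"},
    "viewer": {"users:list"},
}
SESSIONS = {
    "sess-admin-001": {"user": "alice", "role": "admin"},
    "sess-viewer-002": {"user": "bob", "role": "viewer"},
}


@dataclass
class Request:
    """A request to invoke one functionality.

    client_functionalities models menu data that the browser stores after the
    menu-assembly call and sends back; it is the field an attacker can copy
    from a higher-privileged user's browser.
    """
    session_id: str
    functionality: str
    client_functionalities: set = field(default_factory=set)


def build_menu(session_id):
    """Hypothetical menu-assembly endpoint: returns the functionality set for the
    session's role. In the vulnerable design this (unencrypted) response is the
    data that ends up in the browser and can be copied."""
    session = SESSIONS.get(session_id)
    if session is None:
        return set()
    return set(ROLE_FUNCTIONALITIES[session["role"]])


def vulnerable_can_invoke(req):
    """Vulnerable check: confirms a session exists, then trusts the functionality
    list supplied by the client instead of re-deriving it server-side."""
    if req.session_id not in SESSIONS:
        return False
    return req.functionality in req.client_functionalities


def hardened_can_invoke(req):
    """Hardened check: the allowed set comes only from the server-side session's
    role; req.client_functionalities is never consulted."""
    session = SESSIONS.get(req.session_id)
    if session is None:
        return False
    allowed = ROLE_FUNCTIONALITIES.get(session["role"], set())
    return req.functionality in allowed


def demo():
    """Viewer session replays the admin's copied menu data against both checks."""
    admin_menu = build_menu("sess-admin-001")
    forged = Request("sess-viewer-002", "users:delete",
                     client_functionalities=admin_menu)
    return {
        "vulnerable": vulnerable_can_invoke(forged),
        "hardened": hardened_can_invoke(forged),
    }


if __name__ == "__main__":
    print(demo())  # {'vulnerable': True, 'hardened': False}
```

The fix is not to encrypt the menu response but to stop treating it as an authorization token: the server already knows the session's role, so the menu endpoint should be purely presentational and every privileged endpoint should recompute the allowed set from the session on each call.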

Exploits (1)

nomisec · writeup
by BrotherOfJhonny · poc
https://github.com/BrotherOfJhonny/CVE-2024-48955_Overview

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Netadmin 4 IAM V4.030319
Auth required
Prerequisites: Authenticated access to the system · Ability to intercept or copy session data from a higher-privileged user
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.1
EPSS 0.0064
EPSS Percentile 45.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-284
Status published
Published Oct 29, 2024
Tracked Since Feb 18, 2026