CVE-2024-50380

HIGH

Snap One OVRC - Info Disclosure

Title source: llm

Description

Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device.

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01

Scores

CVSS v4 8.7

EPSS 0.0031

EPSS Percentile 54.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-290

Status published

Products (1)

Snap One/OVRC cloud < 7.3

Published Dec 02, 2024

Tracked Since Feb 18, 2026