CVE-2024-39886
Severity Score
3.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App.
La versión 3.4.2 y anteriores de la aplicación TONE store contiene un problema con el canal principal desprotegido. Dado que la aplicación TONE store se comunica con el sitio web de TONE store en texto plano, un ataque man-in-the-middle puede permitir a un atacante obtener y/o alterar las comunicaciones de la aplicación afectada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-07-02 CVE Reserved
- 2024-07-10 CVE Published
- 2024-07-10 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-419: Unprotected Primary Channel
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| DREAM TRAIN INTERNET INC. Search vendor "DREAM TRAIN INTERNET INC." | TONE Store App Search vendor "DREAM TRAIN INTERNET INC." for product "TONE Store App" | 3.4.2 Search vendor "DREAM TRAIN INTERNET INC." for product "TONE Store App" and version "3.4.2" | en |
Affected
| ||||||