CVE-2024-29837

Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections

CVSS 8.8 HIGH | EPSS 0.5% | CWE-1390 | CWE-284

The web interface of Evolution Controller versions 2.04.560.31.03.2024 and below uses poor session management, allowing an unauthenticated attacker to access administrator functionality if any other user is already signed in.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
