CVE-2024-57249

Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://packetstorm.news/files/id/189019	Exploit Third Party Advisory
https://www.gleamtech.com/filevista	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:gleamtech:filevista:9.2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-02-07 16:15

Updated : 2025-09-15 18:02

NVD link : CVE-2024-57249

Mitre link : CVE-2024-57249

CVE.ORG link : CVE-2024-57249

JSON object : View

Products Affected

gleamtech

filevista

CWE

CWE-284

Improper Access Control

{"id": "CVE-2024-57249", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-02-07T16:15:38.180", "references": [{"url": "https://packetstorm.news/files/id/189019", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.gleamtech.com/filevista", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials."}, {"lang": "es", "value": "Un control de acceso incorrecto en la funci\u00f3n de vista previa de Gleamtech FileVista 9.2.0.0 permite a atacantes remotos obtener acceso no autorizado mediante la explotaci\u00f3n de una vulnerabilidad en los mecanismos de control de acceso eliminando los encabezados HTTP relacionados con la autenticaci\u00f3n, como el encabezado Cookie, en la solicitud. Esto evita el proceso de autenticaci\u00f3n y otorga a los atacantes acceso a archivos de im\u00e1genes confidenciales sin las credenciales de inicio de sesi\u00f3n adecuadas."}], "lastModified": "2025-09-15T18:02:51.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gleamtech:filevista:9.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8D553A7-0E37-4600-A567-3E34CC6103A3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}