How severe is CVE-2024-2365?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2024-2365?

This is classified as CWE-916, which is a common weakness in software security.

CVE-2024-2365 - MEDIUM Severity | CVSS 4.2

Vulnerability Description

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability.

Related Vulnerabilities

CVE-2022-29731

MEDIUM

CVSS:4.3(Medium)

An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.

CWE-9162022

CVE-2020-27693

MEDIUM

CVSS:4.4(Medium)

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.

CWE-9162020

CVE-2021-38979

MEDIUM

CVSS:4.4(Medium)

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a sal...

CWE-9162021

CVE-2022-0022

MEDIUM

CVSS:4.4(Medium)

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computationa...

CWE-9162022

CVE-2024-21754

MEDIUM

CVSS:4.4(Medium)

A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy ver...

CWE-9162024

CVE-2020-6780

MEDIUM

CVSS:4.9(Medium)

Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privi...

CWE-9162020