CVE-2024-3461 - Vulnerability Details - OpenCVE

Description

KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.

Published: 2024-05-09

Score: 6.2 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Kioware

Kioware

unaffected

Version	Status	Constraints
`0`	affected	≤ 8.35

Configuration 1 [-]

cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-32048	KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00011.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://cert.pl/en/posts/2024/04/CVE-2024-3459
https://cert.pl/posts/2024/04/CVE-2024-3459
https://www.kioware.com/

History

Wed, 12 Feb 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Kioware Kioware kioware
CPEs		cpe:2.3:a:kioware:kioware::::::windows::*
Vendors & Products		Kioware Kioware kioware

Subscriptions

Kioware Kioware

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-05-09T10:14:11.615Z

Updated: 2024-08-01T20:12:07.165Z

Reserved: 2024-04-08T10:30:36.633Z

Link: CVE-2024-3461

Vulnrichment

Updated: 2024-08-01T20:12:07.165Z

NVD

Status : Analyzed

Published: 2024-05-14T15:41:13.350

Modified: 2025-02-12T15:37:59.677

Link: CVE-2024-3461

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-307

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3461", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2024-04-08T10:30:36.633Z", "datePublished": "2024-05-09T10:14:11.615Z", "dateUpdated": "2024-08-01T20:12:07.165Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Kioware", "vendor": "Kioware", "versions": [{"lessThanOrEqual": "8.35", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Maksymilian Kubiak [Afine Team]"}], "datePublic": "2024-05-09T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">KioWare for Windows (versions all <span style=\"background-color: rgb(255, 255, 255);\">through 8.35)</span> allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.<br></span>"}], "value": "KioWare for Windows (versions all through 8.35)\u00a0allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.\n"}], "impacts": [{"capecId": "CAPEC-112", "descriptions": [{"lang": "en", "value": "CAPEC-112 Brute Force"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-05-09T10:14:11.615Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/04/CVE-2024-3459"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459"}, {"tags": ["product"], "url": "https://www.kioware.com/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3461", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-10T18:33:48.786983Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:31:20.981Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.165Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/04/CVE-2024-3459"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459"}, {"tags": ["product", "x_transferred"], "url": "https://www.kioware.com/"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert.pl/posts/2024/04/CVE-2024-3459", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://www.kioware.com/", "tags": ["product", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.165Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3461", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-10T18:33:48.786983Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-10T18:33:51.246Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Maksymilian Kubiak [Afine Team]"}], "impacts": [{"capecId": "CAPEC-112", "descriptions": [{"lang": "en", "value": "CAPEC-112 Brute Force"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Kioware", "product": "Kioware", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "8.35"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2024-05-09T10:00:00.000Z", "references": [{"url": "https://cert.pl/posts/2024/04/CVE-2024-3459", "tags": ["third-party-advisory"]}, {"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459", "tags": ["third-party-advisory"]}, {"url": "https://www.kioware.com/", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "KioWare for Windows (versions all through 8.35)\u00a0allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">KioWare for Windows (versions all <span style=\"background-color: rgb(255, 255, 255);\">through 8.35)</span> allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.<br></span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-05-09T10:14:11.615Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3461", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:12:07.165Z", "dateReserved": "2024-04-08T10:30:36.633Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2024-05-09T10:14:11.615Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*", "matchCriteriaId": "FA48DE1E-8A39-439D-BE91-A8FA7E84C1D7", "versionEndIncluding": "8.35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "KioWare for Windows (versions all through 8.35)\u00a0allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.\n"}, {"lang": "es", "value": "KioWare para Windows (versiones hasta 8.35) permite forzar el n\u00famero PIN por fuerza bruta, lo que protege la aplicaci\u00f3n contra el cierre, ya que no existen mecanismos que impidan que un usuario adivine excesivamente el n\u00famero."}], "id": "CVE-2024-3461", "lastModified": "2025-02-12T15:37:59.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "cvd@cert.pl", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T15:41:13.350", "references": [{"source": "cvd@cert.pl", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459"}, {"source": "cvd@cert.pl", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://cert.pl/posts/2024/04/CVE-2024-3459"}, {"source": "cvd@cert.pl", "tags": ["Product"], "url": "https://www.kioware.com/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://cert.pl/posts/2024/04/CVE-2024-3459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.kioware.com/"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "cvd@cert.pl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}]}