CVE-2024-45165

{"id": "CVE-2024-45165", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2024-08-22T04:15:22.310", "references": [{"url": "http://download.uci.de/idol2/idol2Client_2_12.exe", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://uci.de/download/idol2-client.html", "tags": ["Product", "Release Notes"], "source": "cve@mitre.org"}, {"url": "https://uci.de/products/index.html", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/en/responsible-disclosure-policy", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-048.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the string \"(c)2007 UCI Software GmbH B.Boll\" (without quotes). The key is both static and hardcoded. With access to messages, this results in message decryption and encryption by an attacker. Thus, it enables passive and active man-in-the-middle attacks."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en UCI IDOL 2 (tambi\u00e9n conocido como uciIDOL o IDOL2) hasta 2.12. Los datos se env\u00edan entre el cliente y el servidor con cifrado. Sin embargo, la clave se deriva de la cadena \"(c)2007 UCI Software GmbH B.Boll\" (sin comillas). La clave es est\u00e1tica y est\u00e1 codificada. Con el acceso a los mensajes, esto da como resultado que un atacante descifre y cifre los mensajes. Por lo tanto, permite ataques de intermediario pasivos y activos."}], "lastModified": "2025-09-03T19:43:58.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uci:idol2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "433F1419-A03A-41CE-981B-461FE27287A5", "versionEndIncluding": "2.12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}