CVE-2024-7920

4.3 MEDIUM

📋 TL;DR

This vulnerability allows unauthenticated remote access to the /Report/ParkCommon/GetParkInThroughDeivces endpoint in Anhui Deshun Intelligent Technology's Jieshun JieLink+ JSOTC2016 parking management software. Because access controls on this endpoint are not properly enforced, attackers can reach sensitive functions without authenticating. Organizations running affected versions of this parking management system are at risk.

💻 Affected Systems

Products:
  • Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016
Versions: up to 20240805
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the parking management system's web interface component. The exact operating system requirements are not specified in available documentation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could gain unauthorized access to parking system functions, potentially manipulating entry/exit records, accessing sensitive vehicle data, or disrupting parking operations.

🟠

Likely Case

Unauthorized access to parking system data and functions, potentially exposing vehicle entry/exit information and system configuration details.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, potentially only exposing non-critical system information.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed, making this vulnerability easy to exploit with minimal technical skill required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Contact vendor Anhui Deshun Intelligent Technology for updated version information and security patches.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all)

Restrict network access to the vulnerable endpoint using firewall rules or network segmentation.

Web Application Firewall (applies to: all)

Implement WAF rules to block unauthorized access to the /Report/ParkCommon/GetParkInThroughDeivces endpoint.

🧯 If You Can't Patch

  • Isolate the parking management system on a separate network segment with strict access controls
  • Implement authentication proxy in front of the vulnerable endpoint to add additional access controls

🔍 How to Verify

Check if Vulnerable:

Test if unauthorized access to http://[target]/Report/ParkCommon/GetParkInThroughDeivces is possible without authentication

Check Version:

Check system version through web interface or contact vendor for version identification methods

Verify Fix Applied:

Verify that unauthorized access to the vulnerable endpoint is no longer possible

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to /Report/ParkCommon/GetParkInThroughDeivces
  • Unusual traffic patterns to parking system endpoints

Network Indicators:

  • HTTP requests to vulnerable endpoint from unauthorized sources
  • Unusual data extraction patterns from parking system

SIEM Query:

source_ip NOT IN authorized_ips AND url_path CONTAINS '/Report/ParkCommon/GetParkInThroughDeivces'
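The SIEM query above expressed as a small log-review script, added here as an illustration and not part of the original advisory or the vendor's software. It parses web-server access logs in the common combined format, flags any request whose path contains the vulnerable endpoint from a source IP outside an allowlist, and summarizes the offending sources. The allowlist networks and the log lines are constructed sample values, not data from the page; the path comparison is case-insensitive so that case variations in the URL do not slip past the rule.

```python
import ipaddress
import re
from collections import Counter

# Endpoint named in the advisory.
VULNERABLE_PATH = "/Report/ParkCommon/GetParkInThroughDeivces"

# Constructed allowlist (assumption): replace with the ranges that are
# actually permitted to reach the parking management system.
AUTHORIZED_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/24"),
    ipaddress.ip_network("192.168.50.10/32"),
]

# Combined log format as written by common web servers and reverse proxies.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict of fields for one access-log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Strip the query string so parameters cannot hide the endpoint.
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def is_authorized(ip_str):
    """True if the source address falls inside one of the allowlisted networks."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        # Malformed or hostname-style source fields are never treated as trusted.
        return False
    return any(ip in net for net in AUTHORIZED_NETWORKS)


def find_suspicious(lines):
    """Apply the advisory's rule: endpoint hit AND source not in authorized set."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in combined format
        if VULNERABLE_PATH.lower() in rec["path"].lower() and not is_authorized(rec["ip"]):
            hits.append(rec)
    return hits


def summarize(hits):
    """Count flagged requests per source IP for triage."""
    return Counter(h["ip"] for h in hits)


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.20.0.15 - - [05/Aug/2024:10:01:02 +0800] "GET /Report/ParkCommon/GetParkInThroughDeivces?parkId=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Aug/2024:10:02:30 +0800] "GET /Report/ParkCommon/GetParkInThroughDeivces HTTP/1.1" 200 4096',
    '203.0.113.7 - - [05/Aug/2024:10:02:31 +0800] "GET /report/parkcommon/getparkinthroughdeivces HTTP/1.1" 200 4096',
    '198.51.100.9 - - [05/Aug/2024:10:03:00 +0800] "GET /Login HTTP/1.1" 200 1200',
    'this line is not in combined log format',
    '192.168.50.10 - - [05/Aug/2024:10:04:10 +0800] "POST /Report/ParkCommon/GetParkInThroughDeivces HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    flagged = find_suspicious(SAMPLE_LOG)
    for ip, count in summarize(flagged).items():
        print(f"{ip}: {count} request(s) to the vulnerable endpoint from outside the allowlist")
```

Run the script against an exported access log by replacing SAMPLE_LOG with the file's lines; any source that appears in the summary and is not a known management host warrants the incident-response follow-up described in the sections above.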

🔗 References
