What is the CVSS score of CVE-2024-45370?

CVE-2024-45370 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N. EPSS exploitation probability: 0.0%.

How to fix or mitigate CVE-2024-45370?

Within 24 hours: inventory all Socomec Easy Config System 2.6.1.0 instances in your environment and restrict database access to trusted administrators only. Within 7 days: implement network segmentation to limit access to affected systems and enable comprehensive logging of all database modifications and authentication attempts. Within 30 days: contact Socomec for patch availability timeline, prepare upgrade testing procedures, and evaluate alternative configuration management solutions if patches remain unavailable.

CVE-2024-45370

EUVD-2024-55108 HIGH

Authentication Bypass by Assumed-Immutable Data (CWE-302)

2025-12-01 talos-cna@cisco.com

Authentication Bypass

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2024-55108

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

CVE Published

Dec 01, 2025 - 16:15 nvd

HIGH 7.3

DescriptionNVD

An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability.

Analysis

Technical ContextAI

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials.

RemediationAI

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

CVE-2024-45370 vulnerability details – vuln.today

Back