Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2024-58343

CVE-2024-58343

MEDIUM4.3

Vision Helpdesk before 5

Published Apr 16, 2026

Modified 6 days ago

Details

Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.

References

https://github.com/websec/Vision-Helpdesk-Exploit

https://websec.net/blog/critical-vulnerability-in-vision-helpdesk-allows-unauthorized-session-access-67264646bde7fa99ea26446f

https://www.cve.org/CVERecord?id=CVE-2024-58343

CVSS Analysis

CVSS v3.1

4.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

NoneI:N

Availability

NoneA:N

4.3/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedApr 16, 2026

ModifiedApr 17, 2026

CVE-2024-58343 | Mondoo Vulnerability Intelligence