Cyber Posture

CVE-2024-34520

High

Published: 12 February 2025

Modified: 15 April 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (11.4th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing client-side access controls.

Security Summary

CVE-2024-34520 is an authorization bypass vulnerability (CWE-639) in the Mavenir SCE Application Provisioning Portal, specifically version PORTAL-LBS-R_1_0_24_0. It enables an authenticated guest user to circumvent client-side access controls and execute unauthorized administrative functions, such as the "add user" feature. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.

An attacker with guest-level authentication can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By bypassing client-side restrictions, the attacker gains the ability to perform administrative actions beyond their privileges, potentially leading to full compromise of the portal's user management and other sensitive operations.
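The weakness class described above, an administrative action restricted only in the client, shown beside server-side enforcement. This is an added Python example, not Mavenir's code and not taken from the referenced research; the role names, permission map and handler names are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical roles and permissions, constructed for this example.
PERMISSIONS = {
    "admin": {"view_dashboard", "add_user"},
    "guest": {"view_dashboard"},
}

@dataclass
class Session:
    username: str
    role: str  # set by the server at login, never taken from the request

@dataclass
class Portal:
    users: dict = field(default_factory=lambda: {"root": "admin", "visitor": "guest"})

    def menu_for(self, session):
        """Client-side view: only decides which menu entries are rendered."""
        return sorted(PERMISSIONS.get(session.role, set()))

    def add_user_ui_only(self, session, new_name, new_role):
        """Weak pattern: no server check, the hidden menu entry was the only control."""
        self.users[new_name] = new_role
        return 200

    def add_user_enforced(self, session, new_name, new_role):
        """Hardened pattern: permission re-checked on every request from server state."""
        if "add_user" not in PERMISSIONS.get(session.role, set()):
            return 403
        if new_role not in PERMISSIONS:
            return 400
        self.users[new_name] = new_role
        return 200

def demo():
    guest, admin = Session("visitor", "guest"), Session("root", "admin")
    weak, hardened = Portal(), Portal()
    return {
        "guest_menu": weak.menu_for(guest),
        "weak_guest": weak.add_user_ui_only(guest, "eve", "admin"),
        "hardened_guest": hardened.add_user_enforced(guest, "eve", "admin"),
        "hardened_admin": hardened.add_user_enforced(admin, "ops", "guest"),
        "weak_has_eve": "eve" in weak.users,
        "hardened_has_eve": "eve" in hardened.users,
    }

if __name__ == "__main__":
    print(demo())
```

The guest's menu never lists `add_user` in either portal; only the enforced handler makes that restriction hold when the request arrives anyway.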

Advisories and further details are available in the referenced GitHub repository at https://github.com/whitewhale-dmb/Vulnerability-Research/tree/main/CVE-2024-34520, which contains vulnerability research materials. No specific patch or mitigation guidance is detailed in the provided CVE information.

Details

CWE(s)
CWE-639
