1. EXECUTIVE SUMMARY
- CVSS v4 9.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Kastle Systems
- Equipment: Access Control System
- Vulnerabilities: Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information on the affected product.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Kastle Systems Access Control System are affected:
- Access Control System: Firmware before May 1, 2024
3.2 Vulnerability Overview
3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.
CVE-2024-45861 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2024-45861. A base score of 9.2 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N).
3.2.2 CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312
Kastle Systems firmware prior to May 1, 2024, stored machi
[…]