Lucene search

IcscertCVE-2024-39278

HistorySep 05, 2024 - 11:15 p.m.

CVE-2024-39278

2024-09-0523:15:12

CWE-522

icscert

web.nvd.nist.gov

credentials

flash memory

network configuration

terminal data

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

4.1

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

9.6%

JSON

Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "WL3000 Fusion Software",
    "vendor": "Hughes Network Systems",
    "versions": [
      {
        "lessThan": "2.7.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-249-01

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

4.1

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

6.5

Confidence

Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-39278