Lucene search

IcscertCVELIST:CVE-2024-39278

HistorySep 05, 2024 - 10:39 p.m.

CVE-2024-39278 Hughes Network Systems Insufficiently Protected Credentials

2024-09-0522:39:30

CWE-522

icscert

www.cve.org

hughes network systems

credentials

vulnerability

flash memory

configuration data

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

4.1

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

Percentile

9.6%

JSON

Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "WL3000 Fusion Software",
    "vendor": "Hughes Network Systems",
    "versions": [
      {
        "lessThan": "2.7.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-249-01

CVSS3

4.2

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

4.1

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2024-39278