Lucene search

IcscertCVELIST:CVE-2024-42495

HistorySep 05, 2024 - 10:41 p.m.

CVE-2024-42495 Hughes Network Systems WL3000 Missing Encryption of Sensitive Data

2024-09-0522:41:35

CWE-311

icscert

www.cve.org

hughes network systems

wl3000

encryption

sensitive data

credentials

unencrypted protocol

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

7.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

Percentile

9.6%

JSON

Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "WL3000 Fusion Software",
    "vendor": "Hughes Network Systems",
    "versions": [
      {
        "lessThan": "2.7.0.10",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-249-01

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

7.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2024-42495