Lucene search

[email protected]NVD:CVE-2024-2197

HistoryMar 20, 2024 - 1:15 a.m.

CVE-2024-2197

2024-03-2001:15:11

CWE-259

[email protected]

web.nvd.nist.gov

cve-2024-2197

chirp access app

hard-coded password

beacon_password

bluetooth range

disable notification

beacon-enabled access point

authorized users

mobile application

lock and unlock access points

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application’s ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points.

References

statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html

www.cisa.gov/news-events/ics-advisories/icsa-24-067-01

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2024-2197

cvelist1 cve1 ics1 vulnrichment1