Use of hard-coded credentials in Chirp Systems Chirp Access
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-2197 |
| CWE-ID | CWE-798 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Chirp Access Other software / Other software solutions |
| Vendor | Chirp Systems |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Use of hard-coded credentials
EUVDB-ID: #VU87312
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2024-2197
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsChirp Access: All versions
External linkshttp://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
