SB2024090632 - Multiple vulnerabilities in Hughes Network Systems WL3000 Fusion Software




Published: September 6, 2024

Security Bulletin ID: SB2024090632
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Adjacent network
Highest impact: Information disclosure

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Insufficiently protected credentials (CVE-ID: CVE-2024-39278)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists because the credentials used to access device configuration information are stored unencrypted in flash memory. An attacker with physical access can gain access to network configuration information and terminal configuration data.


2) Missing Encryption of Sensitive Data (CVE-ID: CVE-2024-42495)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the credentials used to access device configuration are transmitted using an unencrypted protocol. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.


Remediation

Install the update from the vendor's website.