Main Vulnerability Database SB2024092327

SB2024092327 - Multiple vulnerabilities in Kastle Systems Access Control System

Published: September 23, 2024

Security Bulletin ID SB2024092327

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Use of hard-coded credentials (CVE-ID: CVE-2024-45861)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can gain access sensitive information on the target system.

2) Cleartext storage of sensitive information (CVE-ID: CVE-2024-45862)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to cleartext storage of sensitive information. A remote attacker can gain access sensitive information on the target system.

Remediation

Install update from vendor's website.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05