Main Vulnerability Database Vulnerabilities #VU98815

#VU98815 Insufficiently protected credentials in AIPHONE products - CVE-2024-39290

Published: October 18, 2024

Vulnerability identifier: #VU98815

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-39290

CWE-ID: CWE-522

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
IX-MV
IX-MV7-HB
IX-MV7-HBT
IX-MV7-HW
IX-MV7-HWT
IX-MV7-HW-JP
IX-MV7-B
IX-MV7-BT
IX-MV7-W
IX-MV7-WT
IX-DA
IX-DAU
IX-DB
IX-DBT
IX-EA
IX-EAT
IX-EAU
IX-DV
IX-DVT
IX-DVF
IX-DVF-P
IX-DVF-L
IX-DVM
IX-DU
IX-DVF-RA
IX-DVF-2RA
IX-BA
IX-BAU
IX-BB
IX-BBT
IX-FA
IX-SSA
IX-SS-2G
IX-SS-2GT
IX-SS-2G-N
IX-BU
IX-SSA-RA
IX-SSA-2RA
IX-RS-B
IX-RS-BT
IX-RS-W
IX-RS-WT
IXW-MA
IX-SPMIC
IXG-2C7
IXG-2C7-L
IXG-DM7
IXG-DM7-HID
IXG-DM7-HIDA
IXG-DM7-10K
IXG-MK
IXGW-GW
IXGW-TGW
IXGW-LC

Software vendor:
AIPHONE

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote attacker on the local network can obtain sensitive information such as a username and its password in the address book.

Remediation

Install updates from vendor's website.

External links

https://jvn.jp/en/jp/JVN41397971/index.html