CVE-2024-2420
8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| LenelS2 | NetBox | All <= 5.6.1 | affected |
Weaknesses
- CWE-259: CWE-259 Use of Hardcoded Password
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01
References
- https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.