CVE-2024-32754

Summary

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.

Affected Software

VendorProductVersion RangeStatus
Johnson ControlsKantech KT1 Door Controller, Rev010 <= 2.09.10affected
Johnson ControlsKantech KT2 Door Controller, Rev010 <= 2.09.10affected
Johnson ControlsKantech KT400 Door Controller, Rev010 <= 3.01.16affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References