CVE-2024-39290

Summary

Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book.

Affected Software

VendorProductVersion RangeStatus
AIPHONE CO., LTD.IX-MVfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-MV7-HBfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-MV7-HBTfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-MV7-HWfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-MV7-HWTfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-MV7-HW-JPfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-MV7-Bfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-MV7-BTfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-MV7-Wfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-MV7-WTfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-DAfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-DAUfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-DBfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-DBTfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-EAfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-EATfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-EAUfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-DVfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-DVTfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-DVFfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-DVF-Pfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-DVF-Lfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-DVMfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-DUfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-DVF-RAfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-DVF-2RAfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-BAfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-BAUfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-BBfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-BBTfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-FAfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-SSAfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-SS-2Gfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-SS-2GTfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-SS-2G-Nfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-BUfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-SSA-RAfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-SSA-2RAfirmware Ver.7.11 and earlieraffected
AIPHONE CO., LTD.IX-RS-Bfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-RS-BTfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-RS-Wfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-RS-WTfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IXW-MAfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IX-SPMICfirmware Ver.7.10 and earlieraffected
AIPHONE CO., LTD.IXG-2C7firmware Ver.3.01 and earlieraffected
AIPHONE CO., LTD.IXG-2C7-Lfirmware Ver.3.01 and earlieraffected
AIPHONE CO., LTD.IXG-DM7firmware Ver.3.00 and earlieraffected
AIPHONE CO., LTD.IXG-DM7-HIDfirmware Ver.3.00 and earlieraffected
AIPHONE CO., LTD.IXG-DM7-HIDAfirmware Ver.3.00 and earlieraffected
AIPHONE CO., LTD.IXG-DM7-10Kfirmware Ver.3.00 and earlieraffected
AIPHONE CO., LTD.IXG-MKfirmware Ver.3.00 and earlieraffected
AIPHONE CO., LTD.IXGW-GWfirmware Ver.3.01 and earlieraffected
AIPHONE CO., LTD.IXGW-TGWfirmware Ver.3.01 and earlieraffected
AIPHONE CO., LTD.IXGW-LCfirmware Ver.3.00 and earlieraffected

Weaknesses

  • CWE-522: Insufficiently protected credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References