CVE-2024-45367
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Optigo Networks | ONS-S8 Spectra Aggregation Switch | 0 <= 1.3.7 | affected |
Weaknesses
- CWE-1390: CWE-1390
Workarounds
Optigo Networks recommends users always use a unique management VLAN for the port on the ONS-S8 that is used to connect to OneView.
Optigo Networks also recommends users implement at least one of the following additional mitigations:
- Use a dedicated NIC on the BMS computer and exclusively this computer for connecting to OneView to manage your OT network configuration.
- Set up a router firewall with a white list for the devices permitted to access OneView.
- Connect to OneView via secure VPN.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.