CVE-2024-45837

Summary

Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files.

Affected Software

VendorProductVersion RangeStatus
AIPHONE CO., LTD.IX-MVfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-MV7-HBfirmware Ver.7.31 and earlieraffected
AIPHONE CO., LTD.IX-MV7-HBTfirmware Ver.7.31 and earlieraffected
AIPHONE CO., LTD.IX-MV7-HWfirmware Ver.7.31 and earlieraffected
AIPHONE CO., LTD.IX-MV7-HWTfirmware Ver.7.31 and earlieraffected
AIPHONE CO., LTD.IX-MV7-HW-JPfirmware Ver.7.31 and earlieraffected
AIPHONE CO., LTD.IX-MV7-Bfirmware Ver.7.31 and earlieraffected
AIPHONE CO., LTD.IX-MV7-BTfirmware Ver.7.31 and earlieraffected
AIPHONE CO., LTD.IX-MV7-Wfirmware Ver.7.31 and earlieraffected
AIPHONE CO., LTD.IX-MV7-WTfirmware Ver.7.31 and earlieraffected
AIPHONE CO., LTD.IX-DAfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DAUfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DBfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DBTfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-EAfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-EATfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-EAUfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DVfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DVTfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DVFfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DVF-Pfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DVF-Lfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DVMfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DUfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DVF-RAfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-DVF-2RAfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-BAfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-BAUfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-BBfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-BBTfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-FAfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-SSAfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-SS-2Gfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-SS-2GTfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-SS-2G-Nfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-BUfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-SSA-RAfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-SSA-2RAfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-RS-Bfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-RS-BTfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-RS-Wfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-RS-WTfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IXW-MAfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IX-SPMICfirmware Ver.7.30 and earlieraffected
AIPHONE CO., LTD.IXG-2C7firmware Ver.3.01 and earlieraffected
AIPHONE CO., LTD.IXG-2C7-Lfirmware Ver.3.01 and earlieraffected
AIPHONE CO., LTD.IXG-DM7firmware Ver.3.00 and earlieraffected
AIPHONE CO., LTD.IXG-DM7-HIDfirmware Ver.3.00 and earlieraffected
AIPHONE CO., LTD.IXG-DM7-HIDAfirmware Ver.3.00 and earlieraffected
AIPHONE CO., LTD.IXG-DM7-10Kfirmware Ver.3.00 and earlieraffected
AIPHONE CO., LTD.IXG-MKfirmware Ver.3.00 and earlieraffected
AIPHONE CO., LTD.IXGW-GWfirmware Ver.3.01 and earlieraffected
AIPHONE CO., LTD.IXGW-TGWfirmware Ver.3.01 and earlieraffected
AIPHONE CO., LTD.IXGW-LCfirmware Ver.3.00 and earlieraffected
AIPHONE CO., LTD.IX-SupportToolVer.10.3.0.0 and earlieraffected
AIPHONE CO., LTD.IXG-SupportToolVer.5.0.2.0 and earlieraffected

Weaknesses

  • CWE-321: Use of hard-coded cryptographic key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References