CVE-2024-45861

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:kastle:access_control_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kastle:access_control_system:-:*:*:*:*:*:*:*

History

30 Sep 2024, 19:25

Type Values Removed Values Added
First Time Kastle
Kastle access Control System
Kastle access Control System Firmware
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:o:kastle:access_control_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kastle:access_control_system:-:*:*:*:*:*:*:*
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-05 - Third Party Advisory, US Government Resource

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) El firmware de Kastle Systems anterior al 1 de mayo de 2024 contenía una credencial codificada que, si se accedía a ella, podía permitir a un atacante acceder a información confidencial.

19 Sep 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-19 16:15

Updated : 2024-09-30 19:25


NVD link : CVE-2024-45861

Mitre link : CVE-2024-45861

CVE.ORG link : CVE-2024-45861


JSON object : View

Products Affected

kastle

  • access_control_system
  • access_control_system_firmware
CWE
CWE-798

Use of Hard-coded Credentials