CWE-259
AllowedUse of Hard-coded Password
Abstraction: Variant · Status: Draft
The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
315 vulnerabilities reference this CWE, most recent first.
CVE-2024-33625 (GCVE-0-2024-33625)
Vulnerability from cvelistv5 – Published: 2024-05-15 19:19 – Updated: 2024-08-02 02:36| Vendor | Product | Version | |
|---|---|---|---|
| CyberPower | PowerPanel business |
Affected:
0 , < 4.9.0
(custom)
|
|
| cyberpower | powerpanel_business |
Affected:
0 , < 4.9.0
(custom)
cpe:2.3:a:cyberpower:powerpanel_business:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cyberpower:powerpanel_business:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "powerpanel_business",
"vendor": "cyberpower",
"versions": [
{
"lessThan": "4.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T18:45:00.332821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:45:30.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerPanel business",
"vendor": "CyberPower",
"versions": [
{
"lessThan": "4.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nCyberPower PowerPanel business \napplication code contains a hard-coded JWT signing key. This could \nresult in an attacker forging JWT tokens to bypass authentication.\n\n"
}
],
"value": "CyberPower PowerPanel business \napplication code contains a hard-coded JWT signing key. This could \nresult in an attacker forging JWT tokens to bypass authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T19:19:53.960Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01"
},
{
"url": "https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cp\u003eCyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads\"\u003ehttps://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads\u003c/a\u003e\u003cbr\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "CyberPower has released a new version (v4.10.1 or later version) of PowerPanel business that fixes these vulnerabilities.\n\n\n https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads"
}
],
"source": {
"advisory": "ICSA-24-123-01",
"discovery": "EXTERNAL"
},
"title": "CyberPower PowerPanel business Use of Hard-coded Password",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-33625",
"datePublished": "2024-05-15T19:19:53.960Z",
"dateReserved": "2024-04-29T16:47:22.341Z",
"dateUpdated": "2024-08-02T02:36:04.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32741 (GCVE-0-2024-32741)
Vulnerability from cvelistv5 – Published: 2024-05-14 10:02 – Updated: 2024-08-02 02:20- CWE-259 - Use of Hard-coded Password
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V3.0
(custom)
|
|
| siemens | simatic_cn_4100 |
Affected:
0 , < 3.0
(custom)
cpe:2.3:a:siemens:simatic_cn_4100:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:simatic_cn_4100:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_cn_4100",
"vendor": "siemens",
"versions": [
{
"lessThan": "3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T12:45:45.741161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:34:22.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:34.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions \u003c V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259: Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T07:24:35.739Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-32741",
"datePublished": "2024-05-14T10:02:48.224Z",
"dateReserved": "2024-04-17T12:35:40.942Z",
"dateUpdated": "2024-08-02T02:20:34.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29011 (GCVE-0-2024-29011)
Vulnerability from cvelistv5 – Published: 2024-05-01 18:19 – Updated: 2025-12-16 18:13- CWE-259 - Use of Hard-coded Password
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| SonicWall | GMS |
Affected:
9.3.4 and earlier versions
|
|
| sonicwall | global_management_system |
Affected:
- , ≤ 9.3.4
(custom)
cpe:2.3:a:sonicwall:global_management_system:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sonicwall:global_management_system:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "global_management_system",
"vendor": "sonicwall",
"versions": [
{
"lessThanOrEqual": "9.3.4",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T04:00:12.242592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:13:23.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GMS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "9.3.4 and earlier versions"
}
]
}
],
"datePublic": "2024-05-01T17:57:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability.\u003cbr\u003e\u003cbr\u003eThis issue affects GMS: 9.3.4 and earlier versions.\u003cbr\u003e"
}
],
"value": "Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability.\n\nThis issue affects GMS: 9.3.4 and earlier versions.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:19:46.896Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0007"
}
],
"source": {
"advisory": "SNWLID-2024-0007",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2024-29011",
"datePublished": "2024-05-01T18:19:46.896Z",
"dateReserved": "2024-03-14T03:29:41.180Z",
"dateUpdated": "2025-12-16T18:13:23.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28023 (GCVE-0-2024-28023)
Vulnerability from cvelistv5 – Published: 2024-06-11 13:55 – Updated: 2024-08-02 00:48- CWE-259 - Use of Hard-coded Password
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | FOXMAN-UN |
Affected:
FOXMAN-UN R16B PC2
Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom) Affected: FOXMAN-UN R15B PC4 Unaffected: FOXMAN-UN R15B PC5 |
|
| Hitachi Energy | UNEM |
Affected:
UNEM R16B PC2
Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom) Affected: UNEM R15B PC4 Unaffected: UNEM R15B PC4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T15:40:34.740767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T15:15:53.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:47.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FOXMAN-UN",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "FOXMAN-UN R16B PC2"
},
{
"lessThanOrEqual": "FOXMAN-UN R16B PC4",
"status": "unaffected",
"version": "FOXMAN-UN R16B PC3",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOXMAN-UN R15B PC4"
},
{
"status": "unaffected",
"version": "FOXMAN-UN R15B PC5"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UNEM",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "UNEM R16B PC2"
},
{
"lessThanOrEqual": "UNEM R16B PC4",
"status": "unaffected",
"version": "UNEM R16B PC3",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R15B PC4"
},
{
"status": "unaffected",
"version": "UNEM R15B PC4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.\n\n\n"
}
],
"value": "A vulnerability exists in the message queueing mechanism that if \nexploited can lead to the exposure of resources or functionality to \nunintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T16:05:56.127Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-28023",
"datePublished": "2024-06-11T13:55:56.127Z",
"dateReserved": "2024-02-29T13:42:00.746Z",
"dateUpdated": "2024-08-02T00:48:47.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28010 (GCVE-0-2024-28010)
Vulnerability from cvelistv5 – Published: 2024-03-28 00:54 – Updated: 2025-01-14 03:54- CWE-259 - Use of Hard-coded Password
| Vendor | Product | Version | |
|---|---|---|---|
| NEC Corporation | WG1800HP4 |
Affected:
all versions
|
|
| NEC Corporation | WG1200HS3 |
Affected:
all versions
|
|
| NEC Corporation | WG1900HP2 |
Affected:
all versions
|
|
| NEC Corporation | WG1200HP3 |
Affected:
all versions
|
|
| NEC Corporation | WG1800HP3 |
Affected:
all versions
|
|
| NEC Corporation | WG1200HS2 |
Affected:
all versions
|
|
| NEC Corporation | WG1900HP |
Affected:
all versions
|
|
| NEC Corporation | WG1200HP2 |
Affected:
all versions
|
|
| NEC Corporation | W1200EX(-MS) |
Affected:
all versions
|
|
| NEC Corporation | WG1200HS |
Affected:
all versions
|
|
| NEC Corporation | WG1200HP |
Affected:
all versions
|
|
| NEC Corporation | WF300HP2 |
Affected:
all versions
|
|
| NEC Corporation | W300P |
Affected:
all versions
|
|
| NEC Corporation | WF800HP |
Affected:
all versions
|
|
| NEC Corporation | WR8165N |
Affected:
all versions
|
|
| NEC Corporation | WG2200HP |
Affected:
all versions
|
|
| NEC Corporation | WF1200HP2 |
Affected:
all versions
|
|
| NEC Corporation | WG1800HP2 |
Affected:
all versions
|
|
| NEC Corporation | WF1200HP |
Affected:
all versions
|
|
| NEC Corporation | WG600HP |
Affected:
all versions
|
|
| NEC Corporation | WG300HP |
Affected:
all versions
|
|
| NEC Corporation | WF300HP |
Affected:
all versions
|
|
| NEC Corporation | WG1800HP |
Affected:
all versions
|
|
| NEC Corporation | WG1400HP |
Affected:
all versions
|
|
| NEC Corporation | WR8175N |
Affected:
all versions
|
|
| NEC Corporation | WR9300N |
Affected:
all versions
|
|
| NEC Corporation | WR8750N |
Affected:
all versions
|
|
| NEC Corporation | WR8160N |
Affected:
all versions
|
|
| NEC Corporation | WR9500N |
Affected:
all versions
|
|
| NEC Corporation | WR8600N |
Affected:
all versions
|
|
| NEC Corporation | WR8370N |
Affected:
all versions
|
|
| NEC Corporation | WR8170N |
Affected:
all versions
|
|
| NEC Corporation | WR8700N |
Affected:
all versions
|
|
| NEC Corporation | WR8300N |
Affected:
all versions
|
|
| NEC Corporation | WR8150N |
Affected:
all versions
|
|
| NEC Corporation | WR4100N |
Affected:
all versions
|
|
| NEC Corporation | WR4500N |
Affected:
all versions
|
|
| NEC Corporation | WR8100N |
Affected:
all versions
|
|
| NEC Corporation | WR8500N |
Affected:
all versions
|
|
| NEC Corporation | CR2500P |
Affected:
all versions
|
|
| NEC Corporation | WR8400N |
Affected:
all versions
|
|
| NEC Corporation | WR8200N |
Affected:
all versions
|
|
| NEC Corporation | WR1200H |
Affected:
all versions
|
|
| NEC Corporation | WR7870S |
Affected:
all versions
|
|
| NEC Corporation | WR6670S |
Affected:
all versions
|
|
| NEC Corporation | WR7850S |
Affected:
all versions
|
|
| NEC Corporation | WR6650S |
Affected:
all versions
|
|
| NEC Corporation | WR6600H |
Affected:
all versions
|
|
| NEC Corporation | WR7800H |
Affected:
all versions
|
|
| NEC Corporation | WM3400RN |
Affected:
all versions
|
|
| NEC Corporation | WM3450RN |
Affected:
all versions
|
|
| NEC Corporation | WM3500R |
Affected:
all versions
|
|
| NEC Corporation | WM3600R |
Affected:
all versions
|
|
| NEC Corporation | WM3800R |
Affected:
all versions
|
|
| NEC Corporation | WR8166N |
Affected:
all versions
|
|
| NEC Corporation | MR01LN |
Affected:
all versions
|
|
| NEC Corporation | MR02LN |
Affected:
all versions
|
|
| NEC Corporation | WG1810HP(JE) |
Affected:
all versions
|
|
| NEC Corporation | WG1810HP(MF) |
Affected:
all versions
|
|
| nec | aterm_wg1800hp4_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wf300hp2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wf800hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hs2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hs_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1900hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8165n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hp3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1900hp2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hs3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1800hp4_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wf300hp2_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wf800hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hs2_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hs_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1900hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8165n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hp3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1900hp2_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hs3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1800hp4_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aterm_wg1800hp4_firmware",
"vendor": "nec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T15:51:40.488406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T16:40:00.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:47.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WG1800HP4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1900HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1900HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "W1200EX(-MS)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF300HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "W300P",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8165N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF1200HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF1200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1400HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8175N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR9300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8750N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8160N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR9500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8600N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8370N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8170N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8700N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8150N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR4100N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR4500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8100N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "CR2500P",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8400N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8200N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR1200H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7870S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6670S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7850S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6650S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6600H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7800H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3400RN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3450RN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3500R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3600R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3800R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8166N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "MR01LN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "MR02LN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1810HP(JE)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1810HP(MF)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Katsuhiko Sato and Ryo Kashiro of 00One, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet."
}
],
"value": "Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259: Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T03:54:22.800Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2024-28010",
"datePublished": "2024-03-28T00:54:15.116Z",
"dateReserved": "2024-02-29T08:40:13.581Z",
"dateUpdated": "2025-01-14T03:54:22.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27774 (GCVE-0-2024-27774)
Vulnerability from cvelistv5 – Published: 2024-03-18 13:34 – Updated: 2024-08-02 00:41- CWE-259 - Use of Hard-coded Password
| Vendor | Product | Version | |
|---|---|---|---|
| Unitronics | Unistream Unilogic |
Affected:
All versions , < 1.35.227
(custom)
|
|
| unitronics | unistream_unilogic |
Affected:
0 , < 1.35.227
(custom)
cpe:2.3:a:unitronics:unistream_unilogic:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:unitronics:unistream_unilogic:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unistream_unilogic",
"vendor": "unitronics",
"versions": [
{
"lessThan": "1.35.227",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T21:32:07.422871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T21:32:26.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:54.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
},
{
"tags": [
"x_transferred"
],
"url": "https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Unistream Unilogic",
"vendor": "Unitronics ",
"versions": [
{
"lessThan": "1.35.227",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Noam Moshe, Vera Mens of Claroty Team82"
}
],
"datePublic": "2024-03-18T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 -\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device\u0027s Firmware\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\n\n\n\n\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\nUnitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 -\n\nCWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device\u0027s Firmware\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259: Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-18T13:34:31.538Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
},
{
"url": "https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to version 1.35.227 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nUpgrade to version 1.35.227 or later.\n\n"
}
],
"source": {
"advisory": "ILVN-2024-0154",
"discovery": "UNKNOWN"
},
"title": "Unitronics Unistream Unilogic \u2013 Versions prior to 1.35.227 CWE-259: Use of Hard-coded Password",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2024-27774",
"datePublished": "2024-03-18T13:34:31.538Z",
"dateReserved": "2024-02-26T09:27:55.323Z",
"dateUpdated": "2024-08-02T00:41:54.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27164 (GCVE-0-2024-27164)
Vulnerability from cvelistv5 – Published: 2024-06-14 03:42 – Updated: 2025-02-13 17:46- CWE-259 - Use of Hard-coded Password
| Vendor | Product | Version | |
|---|---|---|---|
| Toshiba Tec Corporation | Toshiba Tec e-Studio multi-function peripheral (MFP) |
Affected:
see the reference URL
|
|
| toshibatec | e-studio-2521_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2020_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2520_nc |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2021_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2525_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3025_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3525_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3525_acg |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-4525_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-5525_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-5525_acg |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-6525_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-6525_acg |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2528-a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3028-a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3528-a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3528-ag |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-4528-a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-4528-ag |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-5528-a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-6528-a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-6526-ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-6527-ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-7527-ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-6529-a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-7529-a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-9029-a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-330-ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-400-ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2010-ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2110-ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2510-ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2610-ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2015-nc |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2515-nc |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2615-nc |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3015-nc |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3115-nc |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3515-nc |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3615-nc |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-4515_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-4615_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-5015_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-5015_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-5115_ac |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-5115_ac:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2018_a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2018_a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2518_a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2518_a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-2618_a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-2618_a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3018_a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3018_a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3118_a |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3118_a:-:*:*:*:*:*:*:* |
|
| toshibatec | e-studio-3118_ag |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:toshibatec:e-studio-3118_ag:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2521_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2020_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2520_nc",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2021_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2525_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3025_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3525_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3525_acg",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-4525_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-5525_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-5525_acg",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-6525_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-6525_acg",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2528-a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3028-a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3528-a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3528-ag",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-4528-a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-4528-ag",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-5528-a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-6528-a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-6526-ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-6527-ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-7527-ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-6529-a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-7529-a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-9029-a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-330-ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-400-ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2010-ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2110-ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2510-ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2610-ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2015-nc",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2515-nc",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2615-nc",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3015-nc",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3115-nc",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3515-nc",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3615-nc",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-4515_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-4615_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-5015_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-5015_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-5115_ac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-5115_ac",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2018_a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2018_a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2518_a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2518_a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-2618_a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-2618_a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3018_a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3018_a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3118_a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3118_a",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:toshibatec:e-studio-3118_ag:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "e-studio-3118_ag",
"vendor": "toshibatec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T16:46:16.555920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:27:46.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "see the reference URL"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products."
}
],
"datePublic": "2024-06-14T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL."
}
],
"value": "Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We are not aware of any malicious exploitation by these vulnerabilities.\u003cbr\u003e"
}
],
"value": "We are not aware of any malicious exploitation by these vulnerabilities."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-04T05:07:17.972Z",
"orgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
"shortName": "Toshiba"
},
"references": [
{
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in the version released on June 14, 2024 and all later versions.\u003cbr\u003e"
}
],
"value": "This issue is fixed in the version released on June 14, 2024 and all later versions."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2024-06-14T02:00:00.000Z",
"value": "Fixes will be released"
}
],
"title": "Hardcoded credentials",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.\u003cbr\u003e"
}
],
"value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
"assignerShortName": "Toshiba",
"cveId": "CVE-2024-27164",
"datePublished": "2024-06-14T03:42:00.905Z",
"dateReserved": "2024-02-21T02:11:59.652Z",
"dateUpdated": "2025-02-13T17:46:08.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26196 (GCVE-0-2024-26196)
Vulnerability from cvelistv5 – Published: 2024-02-29 20:27 – Updated: 2025-05-03 01:37- CWE-259 - Use of Hard-coded Password
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Edge for Android |
Affected:
1.0.0 , < 122.0.2365.63
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T17:55:42.878960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:43.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:32.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "122.0.2365.63",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "122.0.2365.63",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-02-29T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259: Use of Hard-coded Password",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:37:21.642Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26196"
}
],
"title": "Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-26196",
"datePublished": "2024-02-29T20:27:10.655Z",
"dateReserved": "2024-02-14T22:23:54.100Z",
"dateUpdated": "2025-05-03T01:37:21.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21990 (GCVE-0-2024-21990)
Vulnerability from cvelistv5 – Published: 2024-04-17 19:35 – Updated: 2024-08-01 22:35| Vendor | Product | Version | |
|---|---|---|---|
| NetApp | ONTAP Select Deploy administration utility |
Affected:
9.12.1 , ≤ 9.14.1P2
(patch)
|
|
| netapp | clustered_data_ontap |
Affected:
9.12.1
cpe:2.3:o:netapp:clustered_data_ontap:9.12.1:-:*:*:*:*:*:* |
|
| netapp | clustered_data_ontap |
Affected:
9.13.1
cpe:2.3:o:netapp:clustered_data_ontap:9.13.1:-:*:*:*:*:*:* |
|
| netapp | clustered_data_ontap |
Affected:
9.14.0
cpe:2.3:o:netapp:clustered_data_ontap:9.14.0:-:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:netapp:clustered_data_ontap:9.12.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clustered_data_ontap",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "9.12.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:netapp:clustered_data_ontap:9.13.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clustered_data_ontap",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "9.13.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:netapp:clustered_data_ontap:9.14.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clustered_data_ontap",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "9.14.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T15:34:29.517252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:30.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240411-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ONTAP Select Deploy administration utility",
"vendor": "NetApp",
"versions": [
{
"lessThanOrEqual": "9.14.1P2",
"status": "affected",
"version": "9.12.1",
"versionType": "patch"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n\u003cbr\u003e"
}
],
"value": "ONTAP Select Deploy administration utility versions 9.12.1.x, \n9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an\n attacker to view Deploy configuration information and modify the \naccount credentials.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T19:35:23.599Z",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240411-0002/"
}
],
"source": {
"advisory": "NTAP-20240411-0002",
"discovery": "UNKNOWN"
},
"title": "Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2024-21990",
"datePublished": "2024-04-17T19:35:23.599Z",
"dateReserved": "2024-01-03T19:45:25.346Z",
"dateUpdated": "2024-08-01T22:35:34.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20412 (GCVE-0-2024-20412)
Vulnerability from cvelistv5 – Published: 2024-10-23 17:39 – Updated: 2024-10-26 03:55- CWE-259 - Use of Hard-coded Password
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Firepower Threat Defense Software |
Affected:
7.1.0
Affected: 7.1.0.1 Affected: 7.1.0.2 Affected: 7.1.0.3 Affected: 7.2.0 Affected: 7.2.0.1 Affected: 7.2.1 Affected: 7.2.2 Affected: 7.2.3 Affected: 7.2.4 Affected: 7.2.4.1 Affected: 7.2.5 Affected: 7.2.5.1 Affected: 7.2.6 Affected: 7.2.7 Affected: 7.2.5.2 Affected: 7.3.0 Affected: 7.3.1 Affected: 7.3.1.1 Affected: 7.3.1.2 Affected: 7.4.0 Affected: 7.4.1 Affected: 7.4.1.1 |
|
| cisco | firepower_threat_defense_software |
Affected:
7.1.0 , ≤ 7.1.0.3
(custom)
Affected: 7.2.0 , ≤ 7.2.7 (custom) Affected: 7.3.0 , ≤ 7.3.1.2 (custom) Affected: 7.4.0 , ≤ 7.4.1.1 (custom) cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firepower_threat_defense_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "7.1.0.3",
"status": "affected",
"version": "7.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.3.1.2",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.4.1.1",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-26T03:55:24.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.0.1"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.2.4"
},
{
"status": "affected",
"version": "7.2.4.1"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.2.5.1"
},
{
"status": "affected",
"version": "7.2.6"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.2.5.2"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.1.1"
},
{
"status": "affected",
"version": "7.3.1.2"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.\r\n\r This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T17:39:04.071Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ftd-statcred-dFC8tXT5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5"
}
],
"source": {
"advisory": "cisco-sa-ftd-statcred-dFC8tXT5",
"defects": [
"CSCwk07982"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20412",
"datePublished": "2024-10-23T17:39:04.071Z",
"dateReserved": "2023-11-08T15:08:07.663Z",
"dateUpdated": "2024-10-26T03:55:24.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
For outbound authentication: store passwords outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible.
Mitigation
For inbound authentication: Rather than hard-code a default username and password for first time logins, utilize a "first login" mode that requires the user to enter a unique strong password.
Mitigation
Perform access control checks and limit which entities can access the feature that requires the hard-coded password. For example, a feature might only be enabled through the system console instead of through a network connection.
Mitigation
- For inbound authentication: apply strong one-way hashes to your passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When receiving an incoming password during authentication, take the hash of the password and compare it to the hash that you have saved.
- Use randomly assigned salts for each separate hash that you generate. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method.
Mitigation
For front-end to back-end connections: Three solutions are possible, although none are complete.
No CAPEC attack patterns related to this CWE.