cvelistv5 - cve-2024-32752

CVE-2024-32752 (GCVE-0-2024-32752)

Vulnerability from cvelistv5 – Published: 2024-06-06 20:49 – Updated: 2025-04-24 20:05

Summary

The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access

Severity ?

8.8 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

jci

References

URL

Tags

	https://www.johnsoncontrols.com/trust-center/cybe…
	https://www.cisa.gov/news-events/ics-advisories/i…

Impacted products

Vendor

Product

Version

Johnson Controls

iSTAR Configuration Utility (ICU)

Affected: 0 , ≤ All (custom)

	Johnson Controls	iSTAR Pro, Edge and eX	Affected: 0 , ≤ All (custom)
	Johnson Controls	iSTAR Ultra and Ultra LT	Affected: 0 , < 6.6.B (custom)

Credits

Reid Wightman

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:johnsoncontrols:software_house_istar_pro_door_controller:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "software_house_istar_pro_door_controller",
            "vendor": "johnsoncontrols",
            "versions": [
              {
                "status": "affected",
                "version": "all"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:johnsoncontrols:icu:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "icu",
            "vendor": "johnsoncontrols",
            "versions": [
              {
                "status": "affected",
                "version": "all"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-32752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-07T16:00:39.441305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-07T16:15:20.239Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:20:35.187Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "iSTAR Configuration Utility (ICU)",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThanOrEqual": "All",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "iSTAR Pro, Edge and eX",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThanOrEqual": "All",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "iSTAR Ultra and Ultra LT",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThan": "6.6.B",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Reid Wightman"
        }
      ],
      "datePublic": "2025-04-24T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\ncommunications with ICU, which may allow an attacker to gain unauthorized access"
            }
          ],
          "value": "The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\ncommunications with ICU, which may allow an attacker to gain unauthorized access"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248: Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-24T20:05:35.350Z",
        "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "shortName": "jci"
      },
      "references": [
        {
          "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u2022 Replace the iSTAR Pro, Edge and eX door controllers with a current generation iSTAR door controller (such\nas iSTAR Ultra G2) which supports authentication and prevents the ICU from making configuration\nchanges.\n\u003cbr\u003e\u2022 Ensure your iSTAR Ultra and Ultra LT door controllers are running firmware 6.6.B or greater. \n\n\u003cbr\u003e"
            }
          ],
          "value": "\u2022 Replace the iSTAR Pro, Edge and eX door controllers with a current generation iSTAR door controller (such\nas iSTAR Ultra G2) which supports authentication and prevents the ICU from making configuration\nchanges.\n\n\u2022 Ensure your iSTAR Ultra and Ultra LT door controllers are running firmware 6.6.B or greater."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
    "assignerShortName": "jci",
    "cveId": "CVE-2024-32752",
    "datePublished": "2024-06-06T20:49:53.476Z",
    "dateReserved": "2024-04-17T17:26:35.180Z",
    "dateUpdated": "2025-04-24T20:05:35.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration.\"}, {\"lang\": \"es\", \"value\": \"En determinadas circunstancias, las comunicaciones entre la herramienta ICU y un controlador de puerta iSTAR Pro son susceptibles a ataques Machine-in-the-Middle que podr\\u00edan afectar el control y la configuraci\\u00f3n de la puerta.\"}]",
      "id": "CVE-2024-32752",
      "lastModified": "2024-11-21T09:15:39.293",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"productsecurity@jci.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"NONE\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}]}",
      "published": "2024-06-06T21:15:48.523",
      "references": "[{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04\", \"source\": \"productsecurity@jci.com\"}, {\"url\": \"https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf\", \"source\": \"productsecurity@jci.com\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "productsecurity@jci.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"productsecurity@jci.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-32752\",\"sourceIdentifier\":\"productsecurity@jci.com\",\"published\":\"2024-06-06T21:15:48.523\",\"lastModified\":\"2025-04-24T20:15:31.463\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\\ncommunications with ICU, which may allow an attacker to gain unauthorized access\"},{\"lang\":\"es\",\"value\":\"En determinadas circunstancias, las comunicaciones entre la herramienta ICU y un controlador de puerta iSTAR Pro son susceptibles a ataques Machine-in-the-Middle que podr\u00edan afectar el control y la configuraci\u00f3n de la puerta.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productsecurity@jci.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"productsecurity@jci.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04\",\"source\":\"productsecurity@jci.com\"},{\"url\":\"https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\",\"source\":\"productsecurity@jci.com\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:20:35.187Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-32752\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-07T16:00:39.441305Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:johnsoncontrols:software_house_istar_pro_door_controller:*:*:*:*:*:*:*:*\"], \"vendor\": \"johnsoncontrols\", \"product\": \"software_house_istar_pro_door_controller\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:h:johnsoncontrols:icu:*:*:*:*:*:*:*:*\"], \"vendor\": \"johnsoncontrols\", \"product\": \"icu\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-07T16:11:07.500Z\"}}], \"cna\": {\"title\": \"Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Reid Wightman\"}], \"impacts\": [{\"capecId\": \"CAPEC-248\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-248: Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Johnson Controls\", \"product\": \"iSTAR Configuration Utility (ICU)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"All\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Johnson Controls\", \"product\": \"iSTAR Pro, Edge and eX\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"All\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Johnson Controls\", \"product\": \"iSTAR Ultra and Ultra LT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.6.B\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"\\u2022 Replace the iSTAR Pro, Edge and eX door controllers with a current generation iSTAR door controller (such\\nas iSTAR Ultra G2) which supports authentication and prevents the ICU from making configuration\\nchanges.\\n\\n\\u2022 Ensure your iSTAR Ultra and Ultra LT door controllers are running firmware 6.6.B or greater.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\u2022 Replace the iSTAR Pro, Edge and eX door controllers with a current generation iSTAR door controller (such\\nas iSTAR Ultra G2) which supports authentication and prevents the ICU from making configuration\\nchanges.\\n\u003cbr\u003e\\u2022 Ensure your iSTAR Ultra and Ultra LT door controllers are running firmware 6.6.B or greater. \\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2025-04-24T16:00:00.000Z\", \"references\": [{\"url\": \"https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\\ncommunications with ICU, which may allow an attacker to gain unauthorized access\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\\ncommunications with ICU, which may allow an attacker to gain unauthorized access\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306: Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"7281d04a-a537-43df-bfb4-fa4110af9d01\", \"shortName\": \"jci\", \"dateUpdated\": \"2025-04-24T20:05:35.350Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-32752\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-24T20:05:35.350Z\", \"dateReserved\": \"2024-04-17T17:26:35.180Z\", \"assignerOrgId\": \"7281d04a-a537-43df-bfb4-fa4110af9d01\", \"datePublished\": \"2024-06-06T20:49:53.476Z\", \"assignerShortName\": \"jci\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ICSA-24-158-04

Vulnerability from csaf_cisa - Published: 2024-06-06 06:00 - Updated: 2025-07-29 06:00

Summary

Johnson Controls Software House iStar Door Controller (Update A)

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access to the iSTAR Pro door controller.

Critical infrastructure sectors

Critical Manufacturing, Commercial Facilities, Government Services and Facilities, Transportation Systems, Energy

Countries/areas deployed

Worldwide

Company headquarters location

Ireland

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Reid Wightman"
        ],
        "organization": "Dragos",
        "summary": "reporting this vulnerability to Johnson Controls, Inc"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access to the iSTAR Pro door controller.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Commercial Facilities, Government Services and Facilities, Transportation Systems, Energy",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Ireland",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-158-04 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-158-04.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-158-04 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Johnson Controls Software House iStar Door Controller (Update A)",
    "tracking": {
      "current_release_date": "2025-07-29T06:00:00.000000Z",
      "generator": {
        "date": "2025-07-29T21:11:30.795717Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-158-04",
      "initial_release_date": "2024-06-06T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-06-06T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2025-07-29T06:00:00.000000Z",
          "legacy_version": "Update A",
          "number": "2",
          "summary": "Update A - Added iStar Pro, Edge, eX, Ultra and Ultra LT to affected products and mitigation sections."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Johnson Controls Inc. Software House iStar Pro, Edge and eX door controllers: vers:all/*",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Software House iStar Pro, Edge and eX door controllers"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cFirmware_6.6.B",
                "product": {
                  "name": "Johnson Controls Inc. Software House iStar Ultra and Ultra LT door controllers: \u003cFirmware_6.6.B",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Software House iStar Ultra and Ultra LT door controllers"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Johnson Controls Inc. iSTAR Configuration Utility (ICU) Tool: vers:all/*",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "iSTAR Configuration Utility (ICU) Tool"
          }
        ],
        "category": "vendor",
        "name": "Johnson Controls Inc."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-32752",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "iSTAR door controllers running firmware prior to version 6.6.B are vulnerable because their communication with the ICU does not support authentication.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32752"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Johnson Controls recommends users replace the iSTAR Pro, Edge, and eX door controllers with current generation iSTAR door controllers, such as iSTAR Ultra G2 and Edge G2, which support proper authentication and prevent the ICU from making configuration changes. Ensure that iSTAR Ultra and Ultra LT door controllers are running firmware version 6.6.B or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2024-06-v2",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
        },
        {
          "category": "mitigation",
          "details": "Aligning with CISA recommendations, Johnson Controls recommends taking steps to minimize risks to all building automation systems.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Further ICS security notices and product security guidance are located at Johnson Controls product security websiteOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

GHSA-J85X-732X-XQ8Q

Vulnerability from github – Published: 2024-06-06 21:30 – Updated: 2025-04-24 21:31

Details

Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration.

Severity ?

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

8.8 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-32752"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-06T21:15:48Z",
    "severity": "HIGH"
  },
  "details": "Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration.",
  "id": "GHSA-j85x-732x-xq8q",
  "modified": "2025-04-24T21:31:47Z",
  "published": "2024-06-06T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32752"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04"
    },
    {
      "type": "WEB",
      "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2024-32752

Vulnerability from fkie_nvd - Published: 2024-06-06 21:15 - Updated: 2025-04-24 20:15

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Summary

The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access

References

	URL	Tags
	productsecurity@jci.com	https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04
	productsecurity@jci.com	https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
	af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04
	af854a3a-2127-422b-91ae-364da2661108	https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\ncommunications with ICU, which may allow an attacker to gain unauthorized access"
    },
    {
      "lang": "es",
      "value": "En determinadas circunstancias, las comunicaciones entre la herramienta ICU y un controlador de puerta iSTAR Pro son susceptibles a ataques Machine-in-the-Middle que podr\u00edan afectar el control y la configuraci\u00f3n de la puerta."
    }
  ],
  "id": "CVE-2024-32752",
  "lastModified": "2025-04-24T20:15:31.463",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "productsecurity@jci.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-06-06T21:15:48.523",
  "references": [
    {
      "source": "productsecurity@jci.com",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04"
    },
    {
      "source": "productsecurity@jci.com",
      "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf"
    }
  ],
  "sourceIdentifier": "productsecurity@jci.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "productsecurity@jci.com",
      "type": "Secondary"
    }
  ]
}

GSD-2024-32752

Vulnerability from gsd - Updated: 2024-04-18 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-32752

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-32752"
      ],
      "id": "GSD-2024-32752",
      "modified": "2024-04-18T05:02:05.001839Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-32752",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-32752 (GCVE-0-2024-32752)

ICSA-24-158-04

GHSA-J85X-732X-XQ8Q

FKIE_CVE-2024-32752

GSD-2024-32752

Tags

Sightings

Nomenclature