PT-2024-31802 · Aiphone · Aiphone Ixg System
Published
2024-11-21
·
Updated
2024-11-22
·
CVE-2024-45837
CVSS v3.1
5.4
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
AIPHONE IX SYSTEM (affected versions not specified)
AIPHONE IXG SYSTEM (affected versions not specified)
System Support Software (affected versions not specified)
Description:
A use of hard-coded cryptographic key issue exists, allowing a network-adjacent unauthenticated attacker to log in to the SFTP service and obtain and/or manipulate unauthorized files.
Recommendations:
For AIPHONE IX SYSTEM, update the cryptographic key to a unique and secure value.
For AIPHONE IXG SYSTEM, update the cryptographic key to a unique and secure value.
For System Support Software, update the cryptographic key to a unique and secure value.
As a temporary workaround, consider restricting access to the SFTP service until a secure cryptographic key is implemented.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aiphone Ixg System