CVE-2024-41681

Name of the Vulnerable Software and Affected Versions Location Intelligence versions prior to V4.4

Description The issue is related to insufficiently strong data encryption. This could allow an unauthenticated attacker in an on-path position to read and modify any data passed over the connection between legitimate clients and the affected device. The web server of affected products is configured to support weak ciphers by default.

Recommendations For versions prior to V4.4, update to version V4.4 or later to resolve the issue. As a temporary workaround, consider reconfiguring the web server to support stronger ciphers until a patch is available. Restrict access to the web server to minimize the risk of exploitation.