cvelist/2024/2xxx/CVE-2024-2197.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-2197",
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-259",
                        "cweId": "CWE-259"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Chirp Systems",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Chirp Access",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "0",
                                            "version_value": "v1.26.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01",
                "refsource": "MISC",
                "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01"
            },
            {
                "url": "https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html",
                "refsource": "MISC",
                "name": "https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "advisory": "ICSA-24-067-01",
        "discovery": "EXTERNAL"
    },
    "work_around": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">For additional information, please see Chirp Systems statement </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html\">here</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;or contact RealPage (Chirp Systems' parent company) via their </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.realpage.com/support/\">support page</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n\n\n<br>"
                }
            ],
            "value": "For additional information, please see Chirp Systems statement  here https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html \u00a0or contact RealPage (Chirp Systems' parent company) via their  support page https://www.realpage.com/support/ ."
        }
    ],
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "Update to v1.26.0<br>"
                }
            ],
            "value": "Update to v1.26.0"
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Matt Brown reported this vulnerability to CISA."
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2024-03-05 18:00:36 +00:00			`{`
"-Synchronized-Data." 2024-04-01 23:09:32 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-03-05 18:00:36 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-2197",`
"-Synchronized-Data." 2024-04-01 23:09:32 +00:00			`"ASSIGNER": "ics-cert@hq.dhs.gov",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-03-05 18:00:36 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-06-05 23:00:34 +00:00			"value": "The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points."
"-Synchronized-Data." 2024-04-01 23:09:32 +00:00			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-06-05 23:00:34 +00:00			`"value": "CWE-259",`
			`"cweId": "CWE-259"`
"-Synchronized-Data." 2024-04-01 23:09:32 +00:00			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Chirp Systems",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Chirp Access",`
			`"version": {`
			`"version_data": [`
			`{`
"-Synchronized-Data." 2024-06-05 23:00:34 +00:00			`"version_affected": "<",`
			`"version_name": "0",`
			`"version_value": "v1.26.0"`
"-Synchronized-Data." 2024-04-01 23:09:32 +00:00			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01",`
			`"refsource": "MISC",`
			`"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01"`
"-Synchronized-Data." 2024-06-05 23:00:34 +00:00			`},`
			`{`
			`"url": "https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html",`
			`"refsource": "MISC",`
			`"name": "https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html"`
"-Synchronized-Data." 2024-04-01 23:09:32 +00:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"advisory": "ICSA-24-067-01",`
			`"discovery": "EXTERNAL"`
			`},`
			`"work_around": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
"-Synchronized-Data." 2024-06-05 23:00:34 +00:00			"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">For additional information, please see Chirp Systems statement </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html\">here</a><span style=\"background-color: rgb(255, 255, 255);\"> or contact RealPage (Chirp Systems' parent company) via their </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.realpage.com/support/\">support page</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n\n\n<br>"
			`}`
			`],`
			`"value": "For additional information, please see Chirp Systems statement here https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html \u00a0or contact RealPage (Chirp Systems' parent company) via their support page https://www.realpage.com/support/ ."`
			`}`
			`],`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "Update to v1.26.0<br>"`
"-Synchronized-Data." 2024-04-01 23:09:32 +00:00			`}`
			`],`
"-Synchronized-Data." 2024-06-05 23:00:34 +00:00			`"value": "Update to v1.26.0"`
"-Synchronized-Data." 2024-04-01 23:09:32 +00:00			`}`
			`],`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "Matt Brown reported this vulnerability to CISA."`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
"-Synchronized-Data." 2024-06-05 23:00:34 +00:00			`"attackVector": "ADJACENT_NETWORK",`
"-Synchronized-Data." 2024-04-01 23:09:32 +00:00			`"availabilityImpact": "NONE",`
"-Synchronized-Data." 2024-06-05 23:00:34 +00:00			`"baseScore": 4.3,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "LOW",`
"-Synchronized-Data." 2024-04-01 23:09:32 +00:00			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
"-Synchronized-Data." 2024-06-05 23:00:34 +00:00			`"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",`
"-Synchronized-Data." 2024-04-01 23:09:32 +00:00			`"version": "3.1"`
"-Synchronized-Data." 2024-03-05 18:00:36 +00:00			`}`
			`]`
			`}`
			`}`