mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
137 lines
5.3 KiB
JSON
137 lines
5.3 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-32754",
|
|
"ASSIGNER": "productsecurity@jci.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
|
|
"cweId": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Johnson Controls",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Kantech KT1 Door Controller, Rev01",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "0",
|
|
"version_value": "2.09.10"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kantech KT2 Door Controller, Rev01",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "0",
|
|
"version_value": "2.09.10"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Kantech KT400 Door Controller, Rev01",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "0",
|
|
"version_value": "3.01.16"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories",
|
|
"refsource": "MISC",
|
|
"name": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
|
|
},
|
|
{
|
|
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01",
|
|
"refsource": "MISC",
|
|
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "\n\n<p>Update Kantech door controllers as follows:</p><ul><li><p>Update Kantech KT1 Door Controller to at least version 3.10.12</p></li><li><p>Update Kantech KT2 Door Controller to at least version 3.10.12</p></li><li><p>Update Kantech KT400 Door Controller to at least version 3.03</p></li></ul>"
|
|
}
|
|
],
|
|
"value": "Update Kantech door controllers as follows:\n\n * Update Kantech KT1 Door Controller to at least version 3.10.12\n\n\n * Update Kantech KT2 Door Controller to at least version 3.10.12\n\n\n * Update Kantech KT400 Door Controller to at least version 3.03"
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "National Computer Emergency Response Team (CERT) of India"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.1,
|
|
"baseSeverity": "LOW",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |