admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/2xxx/CVE-2024-2197.json
CVE Team fc855fce9d
"-Synchronized-Data."
2024-06-05 23:00:34 +00:00

127 lines
4.9 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-2197",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259",
"cweId": "CWE-259"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Chirp Systems",
"product": {
"product_data": [
{
"product_name": "Chirp Access",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v1.26.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01"
},
{
"url": "https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html",
"refsource": "MISC",
"name": "https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-067-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">For additional information, please see Chirp Systems statement </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html\">here</a><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;or contact RealPage (Chirp Systems' parent company) via their </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.realpage.com/support/\">support page</a><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n\n\n<br>"
}
],
"value": "For additional information, please see Chirp Systems statement here https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html \u00a0or contact RealPage (Chirp Systems' parent company) via their support page https://www.realpage.com/support/ ."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v1.26.0<br>"
}
],
"value": "Update to v1.26.0"
}
],
"credits": [
{
"lang": "en",
"value": "Matt Brown reported this vulnerability to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink