Insufficiently Protected Credentials

CVE-2024-47142

Medium

5.5/10

Summary

AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

Advisory Timeline

Published Nov 22, 2024

Insufficiently Protected Credentials

CVE-2024-47142

Summary

CWE-522 - Insufficiently Protected Credentials

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS