CVE-2024-23962

EPSS 0.65%
Veröffentlicht 31.01.2025 00:15:09
Zuletzt bearbeitet 12.08.2025 18:13:55
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Alpsalpine ≫ Ilx-f509 Firmware

Alpsalpine ≫ Ilx-f509 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.65%	0.701

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
ics-cert@hq.dhs.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.zerodayinitiative.com/advisories/ZDI-24-847/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-23962

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-23962

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-23962

EUVD