CVE-2024-2420

EPSS 0.08%
Veröffentlicht 30.05.2024 18:15:09
Zuletzt bearbeitet 02.02.2026 13:14:26
Quelle productsecurity@carrier.com
CVE-Watchlists
Login
Unerledigt
Login

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Honeywell ≫ Lenels2 Netbox Version < 5.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.24

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
productsecurity@carrier.com	8.8	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-259 Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01

US Government Resource

Vendor Advisory

https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2024-2420

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2420

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2420

EUVD