CVE-2024-32754 Vulnerability Details

CVE-2024-32754 Metadata Quick Info

CVE Published: 04/07/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: jci | Vendor: Johnson Controls | Product: Kantech KT1 Door Controller, Rev01
Status: PUBLISHED

CVE-2024-32754 Description

Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.

Metrics

CVSS Version: 3.1 | Base Score: 3.1 LOW
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Source: Johnson Controls

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-117
CAPEC Description: CAPEC-117: Interception


Source: NVD (National Vulnerability Database).