CVE-2024-47256

Feb. 21, 2025, 1:15 p.m.

6.0
Medium

Description

Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older. 2N has released an updated version 3.3 of 2N Access Commander, where this vulnerability is mitigated. It is recommended that all customers update 2N Access Commander to the latest version.

Product(s) Impacted

Product Versions
2N Access Commander
  • ['1.14 and older']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-321
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References

https://www.2n.com/en-GB/download/cve_2024_47256_acom_3_3_v1pdf

Tags

CWE-321
product-security@axis.com
2025-02-06
CVE-2024-47256

CVSS Score

6.0 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE

    • CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

    View Vector String

Timeline

Published: Feb. 6, 2025, 8:15 p.m.
Last Modified: Feb. 21, 2025, 1:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@axis.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.