CVE-2024-38280

Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

Description

An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text.

Remediation

Solution:

  • Motorola Solutions recommends the following for each identified vulnerability: CVE-2024-38280: * Apply encryption to all Criminal Justice Information (CJI) data. * Apply full disk encryption with LUKS encryption standards and add password protection to the GRUB Bootloader. * Perform column-level encryption for sensitive data in the database. All devices shipped after May 10, 2024 are already using full disk encryption. All devices that are not able to have full disk encryption applied have had all CJI data encrypted. No further actions are required by customers.

Categories

7.0
CVSS
Severity: High
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.04%
Third-Party Advisory cisa.gov
Affected: Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 government resource third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2024-38280?
CVE-2024-38280 has been scored as a high severity vulnerability.
How to fix CVE-2024-38280?
To fix CVE-2024-38280: Motorola Solutions recommends the following for each identified vulnerability: CVE-2024-38280: * Apply encryption to all Criminal Justice Information (CJI) data. * Apply full disk encryption with LUKS encryption standards and add password protection to the GRUB Bootloader. * Perform column-level encryption for sensitive data in the database. All devices shipped after May 10, 2024 are already using full disk encryption. All devices that are not able to have full disk encryption applied have had all CJI data encrypted. No further actions are required by customers.
Is CVE-2024-38280 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-38280 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-38280?
CVE-2024-38280 affects Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.