CVE-2024-39290

Description

Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book.

References

Link	Tags
https://www.aiphone.net/important/20241016_1/
https://www.aiphone.net/important/20241016_2/
https://www.aiphone.net/support/software-documents/ix/
https://www.aiphone.net/support/software-documents/ixg/
https://jvn.jp/en/jp/JVN41397971/

Frequently Asked Questions

What is the severity of CVE-2024-39290?: CVE-2024-39290 has been scored as a medium severity vulnerability.
How to fix CVE-2024-39290?: To fix CVE-2024-39290, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-39290 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-39290 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-39290?: CVE-2024-39290 affects AIPHONE CO., LTD. IX-MV, AIPHONE CO., LTD. IX-MV7-HB, AIPHONE CO., LTD. IX-MV7-HBT, AIPHONE CO., LTD. IX-MV7-HW, AIPHONE CO., LTD. IX-MV7-HWT, AIPHONE CO., LTD. IX-MV7-HW-JP, AIPHONE CO., LTD. IX-MV7-B, AIPHONE CO., LTD. IX-MV7-BT, AIPHONE CO., LTD. IX-MV7-W, AIPHONE CO., LTD. IX-MV7-WT, AIPHONE CO., LTD. IX-DA, AIPHONE CO., LTD. IX-DAU, AIPHONE CO., LTD. IX-DB, AIPHONE CO., LTD. IX-DBT, AIPHONE CO., LTD. IX-EA, AIPHONE CO., LTD. IX-EAT, AIPHONE CO., LTD. IX-EAU, AIPHONE CO., LTD. IX-DV, AIPHONE CO., LTD. IX-DVT, AIPHONE CO., LTD. IX-DVF, AIPHONE CO., LTD. IX-DVF-P, AIPHONE CO., LTD. IX-DVF-L, AIPHONE CO., LTD. IX-DVM, AIPHONE CO., LTD. IX-DU, AIPHONE CO., LTD. IX-DVF-RA, AIPHONE CO., LTD. IX-DVF-2RA, AIPHONE CO., LTD. IX-BA, AIPHONE CO., LTD. IX-BAU, AIPHONE CO., LTD. IX-BB, AIPHONE CO., LTD. IX-BBT, AIPHONE CO., LTD. IX-FA, AIPHONE CO., LTD. IX-SSA, AIPHONE CO., LTD. IX-SS-2G, AIPHONE CO., LTD. IX-SS-2GT, AIPHONE CO., LTD. IX-SS-2G-N, AIPHONE CO., LTD. IX-BU, AIPHONE CO., LTD. IX-SSA-RA, AIPHONE CO., LTD. IX-SSA-2RA, AIPHONE CO., LTD. IX-RS-B, AIPHONE CO., LTD. IX-RS-BT, AIPHONE CO., LTD. IX-RS-W, AIPHONE CO., LTD. IX-RS-WT, AIPHONE CO., LTD. IXW-MA, AIPHONE CO., LTD. IX-SPMIC, AIPHONE CO., LTD. IXG-2C7, AIPHONE CO., LTD. IXG-2C7-L, AIPHONE CO., LTD. IXG-DM7, AIPHONE CO., LTD. IXG-DM7-HID, AIPHONE CO., LTD. IXG-DM7-HIDA, AIPHONE CO., LTD. IXG-DM7-10K, AIPHONE CO., LTD. IXG-MK, AIPHONE CO., LTD. IXGW-GW, AIPHONE CO., LTD. IXGW-TGW, AIPHONE CO., LTD. IXGW-LC.

Description

Category

CWE-522 – Insufficiently Protected Credentials

References

Frequently Asked Questions