CVE-2024-2420

LenelS2 NetBox Hardcoded Credentials

CVSS 8.8 HIGHEPSS 0.5%CWE-259

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Affected products

LenelS2 · NetBox

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01 https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf