CVE-2024-39290

CVSS 3.0 Score 6.5 of 10 (medium)

Details

Published Nov 22, 2024
CWE ID 522

Summary

CVE-2024-39290 is a newly disclosed vulnerability affecting Aiphonix's IX SYSTEM and IXG SYSTEM. This issue arises from insufficient credential protection, allowing network-adjacent, unauthenticated attackers to gain access to sensitive information, including usernames and their corresponding passwords, which are stored in the address book. The impact of this vulnerability is significant, as it enables attackers to potentially compromise other parts of the system using the obtained credentials. It is crucial for users to update their devices as soon as a patch becomes available to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share