CVE-2024-47258

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Feb 6, 2025

Updated: Feb 21, 2025

CWE ID 300

Summary

CVE-2024-47258: The 2N Access Commander version 2.1 and older suffer from a security vulnerability that exposes them to Man-in-the-Middle attacks due to the lack of certificate verification for 2N edge devices by default. 2N has released an updated version 3.3 of 2N Access Commander, which includes Certificate Fingerprint Verification as a security measure. Since February 2022, version 2.2 has offered the option to enforce TLS certificate validation. It is strongly advised for all customers to update their 2N Access Commander software and utilize either the new certificate verification feature or the TLS certificate validation option.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

2N TELEKOMUNIKACE a.s.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database