Hughes Network Systems WL3000 Fusion Software

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v4 7.1
  • ATTENTION: Low attack complexity
  • Vendor: Hughes Network Systems
  • Equipment: WL3000 Fusion Software
  • Vulnerabilities: Insufficiently Protected Credentials, Missing Encryption of Sensitive Data

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to obtain read-only access to network configuration information and terminal configuration data.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Hughes Network Systems work streams are affected:

  • WL3000 Fusion Software: Versions prior to 2.7.0.10

3.2 Vulnerability Overview

3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522

Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data.

CVE-2024-39278 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.2 has been calculated; the CVSS vector string is (AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

A CVSS v4 score has also been calculated for CVE-2024-39278. A base score of 5.1 has been calculated; the CVSS vector string is (CVSS4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).

3.2.2 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article: