Vulnerability Description
The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points.
CVSS Score
4.3 (MEDIUM)
Related Weaknesses (CWE)
References
- https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01
FAQ
What is CVE-2024-2197?
CVE-2024-2197 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the appl...
How severe is CVE-2024-2197?
CVE-2024-2197 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-2197?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.