CVE-2024-47256 — MEDIUM (6.0)

Vulnerability Description

Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older. 2N has released an updated version 3.3 of 2N Access Commander, where this vulnerability is mitigated. It is recommended that all customers update 2N Access Commander to the latest version.

CVSS Score

6.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Related Weaknesses (CWE)

CWE-321

References

https://www.2n.com/en-GB/download/cve_2024_47256_acom_3_3_v1pdf

FAQ

What is CVE-2024-47256?

CVE-2024-47256 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Successful exploitation of this vulnerability could allow an attacker (who needs to have Admin access privileges) to read hardcoded AES passphrase, which may be used for decryption of certain data wit...

How severe is CVE-2024-47256?

CVE-2024-47256 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-47256?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.