{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2420", "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f", "state": "PUBLISHED", "assignerShortName": "Carrier", "dateReserved": "2024-03-13T13:55:47.727Z", "datePublished": "2024-05-30T17:22:06.344Z", "dateUpdated": "2024-08-01T19:11:53.496Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetBox", "vendor": "LenelS2", "versions": [{"lessThanOrEqual": "5.6.1", "status": "affected", "version": "All", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Claroty Team82"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements. "}], "value": "LenelS2 NetBox access control and event monitoring system was discovered to contain\u00a0Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-259", "description": "CWE-259 Use of Hardcoded Password", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f", "shortName": "Carrier", "dateUpdated": "2024-05-30T17:22:06.344Z"}, "references": [{"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."}], "value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions."}], "source": {"discovery": "EXTERNAL"}, "title": "LenelS2 NetBox Hardcoded Credentials", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2420", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-30T19:12:38.190957Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:carrier:lenels2_netbox:0:*:*:*:*:*:*:*"], "vendor": "carrier", "product": "lenels2_netbox", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.6.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:29:12.413Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.496Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf", "tags": ["x_transferred"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.496Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2420", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-30T19:12:38.190957Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:carrier:lenels2_netbox:0:*:*:*:*:*:*:*"], "vendor": "carrier", "product": "lenels2_netbox", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.6.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-30T19:15:24.015Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "LenelS2 NetBox Hardcoded Credentials", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Claroty Team82"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "LenelS2", "product": "NetBox", "versions": [{"status": "affected", "version": "All", "versionType": "custom", "lessThanOrEqual": "5.6.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions.", "supportingMedia": [{"type": "text/html", "value": "LenelS2 advises customers to apply to the updated version of NetBox 5.6.2 or newer via the LenelS2 Partner Center. Please get in touch with your support channel partner for instructions.", "base64": false}]}], "references": [{"url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "LenelS2 NetBox access control and event monitoring system was discovered to contain\u00a0Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.", "supportingMedia": [{"type": "text/html", "value": "LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-259", "description": "CWE-259 Use of Hardcoded Password"}]}], "providerMetadata": {"orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f", "shortName": "Carrier", "dateUpdated": "2024-05-30T17:22:06.344Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2420", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:11:53.496Z", "dateReserved": "2024-03-13T13:55:47.727Z", "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f", "datePublished": "2024-05-30T17:22:06.344Z", "assignerShortName": "Carrier"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:honeywell:lenels2_netbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B8153DE-C177-4E18-99C1-8677E1FC82B1", "versionEndExcluding": "5.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LenelS2 NetBox access control and event monitoring system was discovered to contain\u00a0Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements."}, {"lang": "es", "value": "Se descubri\u00f3 que el sistema de control de acceso y monitoreo de eventos LenelS2 NetBox contiene credenciales codificadas en versiones anteriores a la 5.6.1 incluida, lo que permite a un atacante eludir los requisitos de autenticaci\u00f3n."}], "id": "CVE-2024-2420", "lastModified": "2026-02-02T13:14:26.023", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "productsecurity@carrier.com", "type": "Secondary"}]}, "published": "2024-05-30T18:15:09.070", "references": [{"source": "productsecurity@carrier.com", "tags": ["US Government Resource", "Vendor Advisory"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"}, {"source": "productsecurity@carrier.com", "tags": ["Broken Link"], "url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource", "Vendor Advisory"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf"}], "sourceIdentifier": "productsecurity@carrier.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}], "source": "productsecurity@carrier.com", "type": "Secondary"}]}

{}

{}