CVE-2024-2161 - Vulnerability Details - OpenCVE

Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00568.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-27125	Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .

Fixes

Solution

Upgrade to the firmware 2.02.0227 or later

Workaround

Restrict access to the management interface of all affected Kiloview devices by applying strict firewall rules or other available means.

References

Link	Providers
https://www.kiloview.com/en/support/download/1779/
https://www.kiloview.com/en/support/download/n20-firmware-download/
https://www.kiloview.com/en/support/download/n3-for-ndi/
https://www.kiloview.com/en/support/download/n3-s-firmware-download/
https://www.kiloview.com/en/support/download/n30-for-ndi/
https://www.kiloview.com/en/support/download/n40/

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published: 2024-03-21T06:00:17.957Z

Updated: 2024-08-02T15:06:30.673Z

Reserved: 2024-03-04T13:18:31.014Z

Link: CVE-2024-2161

Vulnrichment

Updated: 2024-08-01T19:03:39.093Z

NVD

Status : Awaiting Analysis

Published: 2024-03-21T06:15:46.690

Modified: 2024-11-21T09:09:09.573

Link: CVE-2024-2161

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-798

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2161", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2024-03-04T13:18:31.014Z", "datePublished": "2024-03-21T06:00:17.957Z", "dateUpdated": "2024-08-02T15:06:30.673Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "NDI", "vendor": "Kiloview", "versions": [{"status": "unaffected", "version": "N3 Firmware 2.02.0227"}, {"status": "unaffected", "version": "N3-s Firmware 2.02.0227"}, {"status": "unaffected", "version": "N4 Firmware 2.02.0227"}, {"status": "unaffected", "version": "N20 Firmware 2.02.0227"}, {"status": "unaffected", "version": "N30 Firmware 2.02.0227"}, {"status": "unaffected", "version": "N40 Firmware 2.02.0227"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Milan Duric, EBU"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authentication<p>This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .</p>"}], "value": "Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects\u00a0Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version\u00a02.02.0227 .\n\n"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2024-03-21T06:00:17.957Z"}, "references": [{"tags": ["release-notes"], "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"}, {"tags": ["release-notes"], "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"}, {"tags": ["release-notes"], "url": "https://www.kiloview.com/en/support/download/1779/"}, {"tags": ["release-notes"], "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"}, {"tags": ["release-notes"], "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"}, {"tags": ["release-notes"], "url": "https://www.kiloview.com/en/support/download/n40/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to the firmware 2.02.0227 or later<br>"}], "value": "Upgrade to the firmware 2.02.0227 or later\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Use of Hard-coded Credentials in Kiloview NDI N series products API middleware", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n<br>"}], "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:03:39.093Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"}, {"tags": ["release-notes", "x_transferred"], "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"}, {"tags": ["release-notes", "x_transferred"], "url": "https://www.kiloview.com/en/support/download/1779/"}, {"tags": ["release-notes", "x_transferred"], "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"}, {"tags": ["release-notes", "x_transferred"], "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"}, {"tags": ["release-notes", "x_transferred"], "url": "https://www.kiloview.com/en/support/download/n40/"}]}, {"affected": [{"vendor": "kiloview", "product": "ndi_n4_firmware", "cpes": ["cpe:2.3:o:kiloview:ndi_n20_firmware:2.02.0227:*:*:*:*:*:*:*", "cpe:2.3:o:kiloview:ndi_n30_firmware:2.02.0227:*:*:*:*:*:*:*", "cpe:2.3:o:kiloview:ndi_n3_firmware:2.02.0227:*:*:*:*:*:*:*", "cpe:2.3:o:kiloview:ndi_n3-s_firmware:2.02.0227:*:*:*:*:*:*:*", "cpe:2.3:o:kiloview:ndi_n40_firmware:2.02.0227:*:*:*:*:*:*:*", "cpe:2.3:o:kiloview:ndi_n4_firmware:2.02.0227:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "2.02.0227", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T15:00:37.605387Z", "id": "CVE-2024-2161", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T15:06:30.673Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kiloview.com/en/support/download/n3-for-ndi/", "tags": ["release-notes", "x_transferred"]}, {"url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/", "tags": ["release-notes", "x_transferred"]}, {"url": "https://www.kiloview.com/en/support/download/1779/", "tags": ["release-notes", "x_transferred"]}, {"url": "https://www.kiloview.com/en/support/download/n20-firmware-download/", "tags": ["release-notes", "x_transferred"]}, {"url": "https://www.kiloview.com/en/support/download/n30-for-ndi/", "tags": ["release-notes", "x_transferred"]}, {"url": "https://www.kiloview.com/en/support/download/n40/", "tags": ["release-notes", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:03:39.093Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2161", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-02T15:00:37.605387Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:kiloview:ndi_n20_firmware:2.02.0227:*:*:*:*:*:*:*", "cpe:2.3:o:kiloview:ndi_n30_firmware:2.02.0227:*:*:*:*:*:*:*", "cpe:2.3:o:kiloview:ndi_n3_firmware:2.02.0227:*:*:*:*:*:*:*", "cpe:2.3:o:kiloview:ndi_n3-s_firmware:2.02.0227:*:*:*:*:*:*:*", "cpe:2.3:o:kiloview:ndi_n40_firmware:2.02.0227:*:*:*:*:*:*:*", "cpe:2.3:o:kiloview:ndi_n4_firmware:2.02.0227:*:*:*:*:*:*:*"], "vendor": "kiloview", "product": "ndi_n4_firmware", "versions": [{"status": "affected", "version": "2.02.0227"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T15:04:39.386Z"}}], "cna": {"title": "Use of Hard-coded Credentials in Kiloview NDI N series products API middleware", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Milan Duric, EBU"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Kiloview", "product": "NDI", "versions": [{"status": "unaffected", "version": "N3 Firmware 2.02.0227"}, {"status": "unaffected", "version": "N3-s Firmware 2.02.0227"}, {"status": "unaffected", "version": "N4 Firmware 2.02.0227"}, {"status": "unaffected", "version": "N20 Firmware 2.02.0227"}, {"status": "unaffected", "version": "N30 Firmware 2.02.0227"}, {"status": "unaffected", "version": "N40 Firmware 2.02.0227"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "Upgrade to the firmware 2.02.0227 or later\n", "supportingMedia": [{"type": "text/html", "value": "Upgrade to the firmware 2.02.0227 or later<br>", "base64": false}]}], "references": [{"url": "https://www.kiloview.com/en/support/download/n3-for-ndi/", "tags": ["release-notes"]}, {"url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/", "tags": ["release-notes"]}, {"url": "https://www.kiloview.com/en/support/download/1779/", "tags": ["release-notes"]}, {"url": "https://www.kiloview.com/en/support/download/n20-firmware-download/", "tags": ["release-notes"]}, {"url": "https://www.kiloview.com/en/support/download/n30-for-ndi/", "tags": ["release-notes"]}, {"url": "https://www.kiloview.com/en/support/download/n40/", "tags": ["release-notes"]}], "workarounds": [{"lang": "en", "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n\n", "supportingMedia": [{"type": "text/html", "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects\u00a0Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version\u00a02.02.0227 .\n\n", "supportingMedia": [{"type": "text/html", "value": "Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authentication<p>This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2024-03-21T06:00:17.957Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2161", "state": "PUBLISHED", "dateUpdated": "2024-08-02T15:06:30.673Z", "dateReserved": "2024-03-04T13:18:31.014Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2024-03-21T06:00:17.957Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects\u00a0Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version\u00a02.02.0227 .\n\n"}, {"lang": "es", "value": "El uso de credenciales codificadas en Kiloview NDI permite a los usuarios no autenticados omitir la autenticaci\u00f3n. Este problema afecta a Kiloview NDI N3, N3-s, N4, N20, N30, N40 y se solucion\u00f3 en la versi\u00f3n de firmware 2.02.0227."}], "id": "CVE-2024-2161", "lastModified": "2024-11-21T09:09:09.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2024-03-21T06:15:46.690", "references": [{"source": "vulnerability@ncsc.ch", "url": "https://www.kiloview.com/en/support/download/1779/"}, {"source": "vulnerability@ncsc.ch", "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"}, {"source": "vulnerability@ncsc.ch", "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"}, {"source": "vulnerability@ncsc.ch", "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"}, {"source": "vulnerability@ncsc.ch", "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"}, {"source": "vulnerability@ncsc.ch", "url": "https://www.kiloview.com/en/support/download/n40/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kiloview.com/en/support/download/1779/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kiloview.com/en/support/download/n40/"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}