Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.
Fixes

Solution

Avtec recommends users update to Outpost v5.0 to resolve this issue.

* When upgrading to Outpost Version 5.0.0 or later, reset the list of users to the default. More information and instructions can be found in Avtec's Outpost Uploader Utility User Guide: https://connect.avtecinc.com/bundle/Outpost_Uploader_Utility_User_Guide/page/Content/Outpost_User_Guide/Reset_Web_Auth.html
* Restrict access to port 80 or disable the web interface if possible.

Additionally, Avtec recommends checking devices for Scout firmware versions prior to 5.8.1, which was commonly coupled with Outpost firmware. If such versions are found, the devices may also need to be updated to the latest firmware. For more information, please visit the Scout Release Notes: https://connect.avtecinc.com/bundle/Scout_Release_Notes_5_8/resource/Release_Notes_Scout.pdf


Workaround

No workaround given by the vendor.

History

Wed, 04 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Avtecinc
Avtecinc outpost 0810
Avtecinc outpost 0810 Firmware
Avtecinc outpost Uploader Utility
CPEs cpe:2.3:a:avtecinc:outpost_uploader_utility:*:*:*:*:*:*:*:*
cpe:2.3:h:avtecinc:outpost_0810:-:*:*:*:*:*:*:*
cpe:2.3:o:avtecinc:outpost_0810_firmware:*:*:*:*:*:*:*:*
Vendors & Products Avtecinc
Avtecinc outpost 0810
Avtecinc outpost 0810 Firmware
Avtecinc outpost Uploader Utility

Thu, 22 Aug 2024 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Avtec
Avtec outpost 0810
Avtec outpost Uploader Utility
CPEs cpe:2.3:a:avtec:outpost_0810:*:*:*:*:*:*:*:*
cpe:2.3:a:avtec:outpost_uploader_utility:*:*:*:*:*:*:*:*
Vendors & Products Avtec
Avtec outpost 0810
Avtec outpost Uploader Utility
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 22 Aug 2024 20:00:00 +0000

Type Values Removed Values Added
Description Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.
Title Avtec Outpost Storage of File with Sensitive Data Under Web Root
Weaknesses CWE-219
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-08-22T20:40:44.874Z

Reserved: 2024-08-12T21:29:23.315Z

Link: CVE-2024-39776

Vulnrichment

Updated: 2024-08-22T20:40:34.216Z

NVD

Status: Analyzed

Published: 2024-08-22T20:15:08.750

Modified: 2024-09-04T18:25:51.920

Link: CVE-2024-39776

Redhat

No data.

OpenCVE Enrichment

No data.