Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
Fixes

Solution

Avtec recommends users update to Outpost v5.0 to resolve this issue.

* When upgrading to Outpost Version 5.0.0 or later, reset the list of users to the default. Instructions can be found in Avtec's Outpost Uploader Utility User Guide: https://connect.avtecinc.com/bundle/Outpost_Uploader_Utility_User_Guide/page/Content/Outpost_User_Guide/Reset_Web_Auth.html
* Restrict access to port 80 or disable the web interface if possible.

Additionally, Avtec recommends checking devices for Scout firmware versions prior to 5.8.1, which was commonly coupled with Outpost firmware. If so, the devices may also need to be updated to the latest firmware. For more information, please visit the Scout Release Notes: https://connect.avtecinc.com/bundle/Scout_Release_Notes_5_8/resource/Release_Notes_Scout.pdf


Workaround

No workaround given by the vendor.

History

Wed, 04 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Avtecinc
Avtecinc outpost 0810
Avtecinc outpost 0810 Firmware
Avtecinc outpost Uploader Utility
CPEs cpe:2.3:a:avtecinc:outpost_uploader_utility:*:*:*:*:*:*:*:*
cpe:2.3:h:avtecinc:outpost_0810:-:*:*:*:*:*:*:*
cpe:2.3:o:avtecinc:outpost_0810_firmware:*:*:*:*:*:*:*:*
Vendors & Products Avtecinc
Avtecinc outpost 0810
Avtecinc outpost 0810 Firmware
Avtecinc outpost Uploader Utility

Thu, 22 Aug 2024 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Avtec
Avtec outpost 0810
Avtec outpost Uploader Utility
CPEs cpe:2.3:a:avtec:outpost_0810:*:*:*:*:*:*:*:*
cpe:2.3:a:avtec:outpost_uploader_utility:*:*:*:*:*:*:*:*
Vendors & Products Avtec
Avtec outpost 0810
Avtec outpost Uploader Utility
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 22 Aug 2024 20:00:00 +0000

Type Values Removed Values Added
Description Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
Title Avtec Outpost Use of Hard-coded Cryptographic Key
Weaknesses CWE-321
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-08-22T20:14:28.840Z

Reserved: 2024-08-12T21:29:23.306Z

Link: CVE-2024-42418

Vulnrichment

Updated: 2024-08-22T20:14:20.519Z

NVD

Status: Analyzed

Published: 2024-08-22T20:15:09.470

Modified: 2024-09-04T18:22:22.583

Link: CVE-2024-42418

Redhat

No data.

OpenCVE Enrichment

No data.