Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.

Fixes

Solution

Kastle Systems have fixed the system configuration vulnerabilities internally. No user interaction is required.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | epss `{'score': 0.00121}` | epss `{'score': 0.00128}` |


Mon, 30 Sep 2024 19:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Kastle; Kastle access Control System; Kastle access Control System Firmware |
| CPEs | | `cpe:2.3:h:kastle:access_control_system:-:*:*:*:*:*:*:*`; `cpe:2.3:o:kastle:access_control_system_firmware:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Kastle; Kastle access Control System; Kastle access Control System Firmware |
| Metrics | | cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` |


Fri, 20 Sep 2024 13:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Kastlesystems; Kastlesystems access Control System Firmware |
| CPEs | | `cpe:2.3:o:kastlesystems:access_control_system_firmware:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Kastlesystems; Kastlesystems access Control System Firmware |
| Metrics | ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` | ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Thu, 19 Sep 2024 18:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Thu, 19 Sep 2024 16:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information. |
| Title | | Use of Hard-coded Credentials in Kastle Systems Access Control System |
| Weaknesses | | CWE-798 |
| References | | |
| Metrics | | cvssV4_0 `{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}` |


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-09-20T13:05:06.549Z

Reserved: 2024-09-10T16:56:59.252Z

Link: CVE-2024-45861

Vulnrichment

Updated: 2024-09-19T17:51:32.296Z

NVD

Status: Analyzed

Published: 2024-09-19T16:15:05.103

Modified: 2024-09-30T19:25:01.957

Link: CVE-2024-45861

Redhat

No data.

OpenCVE Enrichment

No data.