Main Vulnerability Database Vulnerabilities #VU91275

Missing Authentication for Critical Function in Software House iStar Pro Door Controller and iSTAR Configuration Utility (ICU) - CVE-2024-32752

Published: June 7, 2024

Vulnerability identifier: #VU91275

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-32752

CWE-ID: CWE-306

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Software House iStar Pro Door Controller
iSTAR Configuration Utility (ICU)

Software vendor:
Johnson Controls

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to missing authentication for critical function. A remote attacker can perform a machine-in-the-middle (MitM) attack and impact door control and configuration.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Missing Authentication for Critical Function in Software House iStar Pro Door Controller and iSTAR Configuration Utility (ICU) - CVE-2024-32752

Description

Remediation

External links

Please verify you're human