CVE-2024-32752

EUVD-2024-30539
The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated
communications with ICU, which may allow an attacker to gain unauthorized access
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
icu
bionic
not-affected
focal
not-affected
jammy
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04
https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04
https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf