CVE-2024-45837

MEDIUM

AIPHONE IX SYSTEM - Info Disclosure

Title source: llm

Description

Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files.

References (5)

[Various Sources] https://www.aiphone.net/support/software-documents/ix/

[Various Sources] https://www.aiphone.net/support/software-documents/ixg/

[Various Sources] https://www.aiphone.net/important/20241016_1/

[Third Party Advisory] https://jvn.jp/en/jp/JVN41397971/

[Various Sources] https://www.aiphone.net/important/20241016_2/

Scores

CVSS v3 5.4

EPSS 0.0011

EPSS Percentile 28.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-321

Status published

Products (50)

AIPHONE CO., LTD./IX-BA firmware Ver.7.30 and earlier

AIPHONE CO., LTD./IX-BAU firmware Ver.7.30 and earlier

AIPHONE CO., LTD./IX-BB firmware Ver.7.30 and earlier

AIPHONE CO., LTD./IX-BBT firmware Ver.7.30 and earlier

AIPHONE CO., LTD./IX-BU firmware Ver.7.30 and earlier

AIPHONE CO., LTD./IX-DA firmware Ver.7.30 and earlier

AIPHONE CO., LTD./IX-DAU firmware Ver.7.30 and earlier

AIPHONE CO., LTD./IX-DB firmware Ver.7.30 and earlier

AIPHONE CO., LTD./IX-DBT firmware Ver.7.30 and earlier

AIPHONE CO., LTD./IX-DU firmware Ver.7.30 and earlier

... and 40 more

Published Nov 22, 2024

Tracked Since Feb 18, 2026