CVE-2024-51978
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-07-25
Assigner: Rapid7, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1391 | The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated attacker who knows the target device's serial number to generate the default administrator password for that device. The attacker can first discover the device's serial number through other vulnerabilities such as CVE-2024-51977 over HTTP/HTTPS/IPP, or by sending PJL or SNMP requests. Essentially, it enables unauthorized access to the device's administrator credentials without needing prior authentication.
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows an unauthenticated attacker to gain administrator-level access to the affected device by generating its default administrator password. With such access, the attacker can fully control the device, potentially leading to data breaches, device misuse, disruption of services, or further attacks within the network. The CVSS score of 9.8 indicates a critical severity with high impact on confidentiality, integrity, and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying devices that expose HTTP (port 80), HTTPS (port 443), IPP (port 631), or PJL (port 9100) services and then attempting to retrieve the device's serial number via CVE-2024-51977 methods such as HTTP/HTTPS/IPP requests, PJL requests, or SNMP requests. Specific commands are not provided in the resources, but network scanning tools targeting these ports and protocols, combined with requests to extract serial numbers, would be the approach to detection. [1]
What immediate steps should I take to mitigate this vulnerability?
The provided resources do not specify immediate mitigation steps for this vulnerability. Therefore, recommended general steps include restricting network access to the affected device's management interfaces (HTTP, HTTPS, IPP, PJL), disabling unnecessary services, and monitoring for unauthorized access attempts. Applying vendor patches or updates once available is also advised.