CVE-2024-2197

CVSS V2 None CVSS V3 None

Description

The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points.

Overview

CVE ID
CVE-2024-2197

Assigner
icscert

Vulnerability Status
PUBLISHED

Published Version
2024-03-19T23:46:14.505Z

Last Modified Date
2024-06-05T22:46:03.171Z

Weakness Enumerations

CWE	URL
CWE-259	http://cwe.mitre.org/data/definitions/259.html

References

Reference URL	Reference Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01
https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-2197
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2197

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 00:18:49				Added to TrackCVE