CVE-2024-38280: Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
First published: Thu Jun 13 2024(Updated: )
An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Motorola Vigilant Fixed Lpr Coms Box Firmware | <=3.1.171.9 | |
| Motorola Vigilant Fixed Lpr Coms Box |
Remedy
Motorola Solutions recommends the following for each identified vulnerability: CVE-2024-38280: * Apply encryption to all Criminal Justice Information (CJI) data. * Apply full disk encryption with LUKS encryption standards and add password protection to the GRUB Bootloader. * Perform column-level encryption for sensitive data in the database. All devices shipped after May 10, 2024 are already using full disk encryption. All devices that are not able to have full disk encryption applied have had all CJI data encrypted. No further actions are required by customers.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- agent/title
- agent/references
- agent/remedy
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/tags
- vendor/motorola
- canonical/motorola vigilant fixed lpr coms box firmware
- version/motorola vigilant fixed lpr coms box firmware/3.1.171.9
- canonical/motorola vigilant fixed lpr coms box