CVE-2024-38279 MEDIUM

CVE-2024-38279: Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

Vendor Motorola Solutions
Product Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
Weakness CWE-288
Published June 13, 2024
Last update August 2, 2024

CVSS base score

5.1/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.

Key dates

02Disclosure timeline

June 13, 2024 CVE published
August 2, 2024 Record updated