CVE-2024-2420
published 2024-05-30


Priority: P2 (63)
Severity: critical, CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.51% (39.3th percentile)
LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.

Affected

4 ranges
Vendor     Product                         Version range   Fixed in
honeywell  lenels2_netbox                  < 5.6.2         5.6.2
lenels2    netbox                          All – 5.6.1
msrc       microsoft_edge
msrc       microsoft_edge_extended_stable

Detection & IOCs (extracted from sources)

  • Target product: LenelS2 NetBox access control and event monitoring system running versions prior to and including 5.6.1 is vulnerable to hardcoded credential authentication bypass (CVE-2024-2420). Scan/fingerprint NetBox instances exposed to the network.
  • CVE-2024-2420 is exploitable remotely with no authentication and low attack complexity (CVSS v3.1 9.8, AV:N/AC:L/PR:N/UI:N). Prioritize detection of unauthenticated login attempts against NetBox management interfaces.
  • Successful exploitation of CVE-2024-2420 (hardcoded credentials) may be chained with CVE-2024-2421 (unauthenticated RCE) and CVE-2024-2422 (authenticated RCE/argument injection) to achieve full system compromise with elevated permissions on LenelS2 NetBox devices.
  • No specific hardcoded credential values, hashes, or exploit payloads are publicly disclosed in the available sources. The exact credential strings are not documented, limiting signature-based detection of credential use.
  • No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at time of publication (May 30, 2024), so no in-the-wild IOCs are available.
  • The fixed version is NetBox 5.6.2. All deployments on versions ≤5.6.1 should be treated as potentially compromised. Upgrade requires contacting an authorized installer.

CVSS provenance

Source       Version  Score  Severity  Vector
nvd          v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd          v4.0     8.8    HIGH      CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc           9.6    CRITICAL