PatchSiren cyber security CVE debrief
CVE-2024-45367 Optigo Networks CVE debrief
CVE-2024-45367 is a critical authentication bypass vulnerability in the Optigo Networks ONS-S8 Spectra Aggregation Switch, published by CISA on October 1, 2024. The device's web server contains an incomplete authentication process that allows attackers to authenticate without providing a password, enabling unauthorized administrative access to the switch management interface. The vulnerability affects ONS-S8 devices running firmware version 1.3.7 and earlier. With a CVSS 3.1 score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), this represents a critical risk due to network-accessible exploitation requiring no privileges or user interaction, granting attackers high-impact confidentiality and integrity access to OT network infrastructure. No patch is currently available; CISA and Optigo Networks recommend network-layer mitigations including dedicated management VLANs, isolated NIC connections, firewall whitelisting, and VPN-only access to the OneView management interface.
- Vendor
- Optigo Networks
- Product
- ONS-S8 - Spectra Aggregation Switch
- CVSS
- CRITICAL 9.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-10-01
- Original CVE updated
- 2024-10-01
- Advisory published
- 2024-10-01
- Advisory updated
- 2024-10-01
Who should care
OT security teams managing building automation networks, critical infrastructure operators using Optigo Networks Spectra switches, ICS asset owners with ONS-S8 deployments, network administrators responsible for OT/IT boundary protection, and compliance teams tracking CISA ICS advisories for industrial control system risk management.
Technical summary
The ONS-S8 Spectra Aggregation Switch web server implements an incomplete authentication process that fails to properly validate credentials, permitting authentication without password verification. This logic flaw enables unauthenticated remote attackers to gain administrative access to the device's OneView management interface. The vulnerability is network-exploitable with low attack complexity, requiring no privileges or user interaction. Affected versions are 1.3.7 and earlier. No CVE-specific patch exists; mitigation relies on network segmentation and access control measures to limit exposure of the management plane.
Defensive priority
critical
Recommended defensive actions
- Isolate ONS-S8 management interfaces to dedicated VLANs with no direct internet exposure
- Implement firewall whitelisting to restrict OneView management access to authorized administrative hosts only
- Require VPN connectivity for all remote OneView management sessions
- Deploy dedicated NIC on BMS computers exclusively for OneView OT network management connections
- Monitor for unauthorized authentication attempts to ONS-S8 web interfaces
- Apply vendor firmware updates when released by Optigo Networks
- Review OT network segmentation to limit lateral movement if switch compromise occurs
Evidence notes
Vulnerability description and affected product version (<=1.3.7) confirmed via CISA CSAF advisory ICSA-24-275-01. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N sourced from official CISA CSAF document. Authentication bypass mechanism described as 'incomplete authentication process' in source. Remediation guidance directly quoted from vendor recommendations in CSAF remediations section.
Official resources
-
CVE-2024-45367 CVE record
CVE.org
-
CVE-2024-45367 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-10-01