PatchSiren

Kastle Systems CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH | Kastle Systems | CVE published 2024-09-19

CVE-2024-45862

Kastle Systems Access Control System firmware prior to May 1, 2024 stored machine credentials in cleartext, which may allow an attacker to access sensitive information. This vulnerability affects a cloud-based access control solution hosted by Kastle Systems. The vendor has internally fixed the system configuration vulnerabilities with no user interaction required. CISA notes that traditional mitigation s [truncated]

HIGH | Kastle Systems | CVE published 2024-09-19

CVE-2024-45861

A hard-coded credential vulnerability in Kastle Systems Access Control System firmware prior to May 1, 2024, allows network-based attackers to access sensitive information without authentication. CISA published this advisory on September 19, 2024. The vendor has internally fixed the configuration vulnerabilities with no user action required.