Access Commander Vulnerability in 2N Products
CVE-2024-47256

6MEDIUM

Key Information:

Vendor: 2n
Status: 2n Access Commander
Vendor: CVE Published:; 6 February 2025

What is CVE-2024-47256?

An access control vulnerability exists in 2N Access Commander versions up to 1.14 that permits authorized users with Admin access to read a hardcoded AES passphrase. This passphrase can be exploited to decrypt sensitive data stored within backup files, potentially exposing critical information and creating a security risk for organizations using the affected versions.

Affected Version(s)

2N Access Commander 2N Access Commander 1.14 and prior

References

https://www.2n.com/en-GB/download/cve_2024_47256_acom_3_3...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2025
Vulnerability Reserved
Sep 23, 2024