CVE-2024-32865: exacqVison - TLS certificate validation
Published Aug 1, 2024
·Updated
Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.
Affected Software
1 affected component
Johnsoncontrols Exacqvision Server<24.06
Remediation
Information
Update exacqVision Server and exacqVision Client to version 24.06
Event History
Aug 1, 2024
CVE Published
via MITRE·09:13 PM
Data Sourced
via MITRE·09:13 PM
RemedyDescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2024-32865?
CVE-2024-32865 has a medium severity rating due to improper validation of TLS certificates.
2
How do I fix CVE-2024-32865?
To fix CVE-2024-32865, ensure that you update the exacqVision Server to a secure version above 24.06.
3
What is affected by CVE-2024-32865?
CVE-2024-32865 affects exacqVision Server versions below 24.06.
4
What are the risks associated with CVE-2024-32865?
The risks include potential man-in-the-middle attacks due to improper TLS certificate validation.
5
Can CVE-2024-32865 be exploited remotely?
Yes, CVE-2024-32865 can be exploited remotely by attackers leveraging the vulnerable certificate validation.