CVE-2024-12137
Published: 19 March 2025
Summary
CVE-2024-12137 is a high-severity Authentication Bypass by Capture-replay (CWE-294) vulnerability in Gov (inferred from references). Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Remote Service Session Hijacking (T1563); ranked at the 4.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and IA-5 (Authenticator Management).
Deeper analysis
CVE-2024-12137 is an Authentication Bypass by Capture-replay vulnerability in the Elfatek Elektronics ANKA JPD-00028 device, enabling session hijacking. This flaw affects ANKA JPD-00028 versions prior to V.01.01 and is rated with a CVSS v3.1 base score of 7.6 (AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H), mapped to CWE-294 (Authentication Bypass by Capture-replay).
An attacker with adjacent network access (AV:A) can exploit this vulnerability with low complexity (AC:L) and no required privileges (PR:N), though it necessitates user interaction (UI:R). Successful exploitation allows session hijacking, resulting in low confidentiality impact (C:L), high integrity impact (I:H), and high availability impact (A:H), potentially compromising the device's authentication mechanisms.
The Turkish National Cyber Incident Response Center (USOM) has issued an advisory on this issue at https://www.usom.gov.tr/bildirim/tr-25-0071, which security practitioners should consult for additional details on detection and response.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54106
Vulnerability details
Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking. This issue affects ANKA JPD-00028: before V.01.01.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables capture-replay attacks resulting in session hijacking on the affected device, directly facilitating Remote Service Session Hijacking (T1563) by allowing replay of captured authentication data to take control of sessions.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires protection of session authenticity, which prevents capture-replay attacks that enable the session hijacking described in CVE-2024-12137.
Requires proper authenticator management (e.g., unique, time-bound, or nonce-protected credentials) that would block the replay of captured authentication material on the ANKA JPD-00028.
Mandates cryptographic protection of transmitted information, which would stop an adjacent-network attacker from capturing and replaying valid session tokens.