Cyber Posture

CVE-2024-12137

High

Published: 19 March 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H)
EPSS Score: 0.0002 (3.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-12137 is a high-severity Authentication Bypass by Capture-replay (CWE-294) vulnerability in Gov (inferred from references). Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Remote Service Session Hijacking (T1563). The CVE ranks at the 3.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Remote Service Session Hijacking (T1563). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly requires mechanisms like nonces, timestamps, or challenge-response to protect communication session authenticity against capture-replay attacks enabling session hijacking.

prevent

Ensures timely identification, testing, and installation of software patches to remediate the specific authentication bypass vulnerability fixed in ANKA JPD-00028 V.01.01.

prevent

Mandates re-authentication for session re-establishment or specific events, limiting the impact and duration of potential session hijacking via replay.

MITRE ATT&CK Enterprise Techniques [AI]

T1563 Remote Service Session Hijacking (Lateral Movement)
Adversaries may take control of preexisting sessions with remote services to move laterally in an environment.

Why these techniques?

The vulnerability enables capture-replay attacks resulting in session hijacking on the affected device, directly facilitating Remote Service Session Hijacking (T1563) by allowing replay of captured authentication data to take control of sessions.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking. This issue affects ANKA JPD-00028: before V.01.01.

Deeper analysis [AI]

CVE-2024-12137 is an Authentication Bypass by Capture-replay vulnerability in the Elfatek Elektronics ANKA JPD-00028 device, enabling session hijacking. This flaw affects ANKA JPD-00028 versions prior to V.01.01 and is rated with a CVSS v3.1 base score of 7.6 (AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H), mapped to CWE-294 (Authentication Bypass by Capture-replay).

An attacker with adjacent network access (AV:A) can exploit this vulnerability with low complexity (AC:L) and no required privileges (PR:N), though it necessitates user interaction (UI:R). Successful exploitation allows session hijacking, resulting in low confidentiality impact (C:L), high integrity impact (I:H), and high availability impact (A:H), potentially compromising the device's authentication mechanisms.

The Turkish National Cyber Incident Response Center (USOM) has issued an advisory on this issue at https://www.usom.gov.tr/bildirim/tr-25-0071, which security practitioners should consult for additional details on detection and response.

Details

CWE(s)

Affected Products

Gov
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-32987 · Shared CWE-294
CVE-2025-65552 · Shared CWE-294
CVE-2025-13777 · Shared CWE-294
CVE-2026-34209 · Shared CWE-294
CVE-2025-26201 · Shared CWE-294
CVE-2026-20999 · Shared CWE-294
CVE-2025-67135 · Shared CWE-294
CVE-2026-30080 · Shared CWE-294
CVE-2025-59023 · Shared CWE-294
CVE-2026-30789 · Shared CWE-294

References