Cyber Resilience

CVE-2024-12137

HighUpdated

Published: 19 March 2025

Published
19 March 2025
Modified
01 June 2026
KEV Added
Patch
CVSS Score v3.1 7.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
EPSS Score 0.0002 4.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12137 is a high-severity Authentication Bypass by Capture-replay (CWE-294) vulnerability in Gov (inferred from references). Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Remote Service Session Hijacking (T1563); ranked at the 4.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2024-12137 is an Authentication Bypass by Capture-replay vulnerability in the Elfatek Elektronics ANKA JPD-00028 device, enabling session hijacking. This flaw affects ANKA JPD-00028 versions prior to V.01.01 and is rated with a CVSS v3.1 base score of 7.6 (AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H), mapped to CWE-294 (Authentication Bypass by Capture-replay).

An attacker with adjacent network access (AV:A) can exploit this vulnerability with low complexity (AC:L) and no required privileges (PR:N), though it necessitates user interaction (UI:R). Successful exploitation allows session hijacking, resulting in low confidentiality impact (C:L), high integrity impact (I:H), and high availability impact (A:H), potentially compromising the device's authentication mechanisms.

The Turkish National Cyber Incident Response Center (USOM) has issued an advisory on this issue at https://www.usom.gov.tr/bildirim/tr-25-0071, which security practitioners should consult for additional details on detection and response.

EU & UK References

Vulnerability details

Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking. This issue affects ANKA JPD-00028: before V.01.01.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1563 Remote Service Session Hijacking Lateral Movement
Adversaries may take control of preexisting sessions with remote services to move laterally in an environment.
Why these techniques?

The vulnerability enables capture-replay attacks resulting in session hijacking on the affected device, directly facilitating Remote Service Session Hijacking (T1563) by allowing replay of captured authentication data to take control of sessions.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30080Shared CWE-294
CVE-2025-65552Shared CWE-294
CVE-2025-13777Shared CWE-294
CVE-2026-34209Shared CWE-294
CVE-2026-9095Shared CWE-294
CVE-2025-67135Shared CWE-294
CVE-2026-20999Shared CWE-294
CVE-2026-32987Shared CWE-294
CVE-2025-59023Shared CWE-294
CVE-2025-26201Shared CWE-294

Affected Assets

Gov
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires protection of session authenticity, which prevents capture-replay attacks that enable the session hijacking described in CVE-2024-12137.

prevent

Requires proper authenticator management (e.g., unique, time-bound, or nonce-protected credentials) that would block the replay of captured authentication material on the ANKA JPD-00028.

prevent

Mandates cryptographic protection of transmitted information, which would stop an adjacent-network attacker from capturing and replaying valid session tokens.

References