CVE-2024-23942
Published: 18 March 2025
Summary
CVE-2024-23942 is a high-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Vde (inferred from references). Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 9.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-28 (Protection of Information at Rest) and IA-5 (Authenticator Management).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
- SC-28 (Protection of Information at Rest): cryptographic mechanisms protect the confidentiality and integrity of the sensitive data that the client configuration file currently stores unencrypted, directly preventing the local read that enables impersonation and the modification that causes DoS.
- IA-5 (Authenticator Management): authenticator management requires that credentials or device data stored in the configuration file be protected from local disclosure, mitigating impersonation.
- Integrity checks on software and information, including the configuration file, prevent or detect the unauthorized modifications that lead to DoS.
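The three controls above can be turned into a concrete defender-side check. The following Python script is an added example written for this page; it is not code from the advisory or from the affected vendor. It audits a client configuration file for the conditions this CVE describes: literal credentials in cleartext (rather than references to a protected store), read permissions beyond the file owner, and unauthorized modification, which it detects with an HMAC-SHA256 tag kept out-of-band. The sample configurations, option names (`device_password`), the `keyring:`/`vault:`/`env:`/`enc:` reference prefixes and the HMAC key are all constructed for the example and are not taken from the affected product.

```python
"""Audit a client configuration file for cleartext credentials, weak
permissions and tampering (added example; all samples are constructed)."""
import configparser
import hashlib
import hmac
import os
import re
import stat
import tempfile

# Option names that commonly carry authenticators (heuristic, constructed list).
CREDENTIAL_KEY = re.compile(
    r"password|passwd|secret|token|api[_-]?key|private[_-]?key", re.I)
# Values that point at a protected store instead of holding the secret itself.
INDIRECT_VALUE = re.compile(r"^(\$\{[^}]+\}|keyring:|vault:|env:|enc:)", re.I)

# Constructed sample: the weak layout the CVE describes (secret stored literally).
SAMPLE_WEAK = """[portal]
url = https://portal.example.invalid
device_id = dev-0001
device_password = Pl4intextSecret
"""

# Constructed sample: the same file with the authenticator moved to a protected store.
SAMPLE_HARDENED = """[portal]
url = https://portal.example.invalid
device_id = dev-0001
device_password = keyring:portal/dev-0001
"""


def find_cleartext_credentials(text):
    """Return (section, option) pairs whose value looks like a literal secret."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for option, value in parser.items(section):
            if CREDENTIAL_KEY.search(option) and value and not INDIRECT_VALUE.match(value):
                findings.append((section, option))
    return findings


def is_readable_beyond_owner(path):
    """True when group or other users can read the file (IA-5 concern)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


def integrity_tag(data, key):
    """HMAC-SHA256 over the raw file; store the tag and key outside the file."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def integrity_ok(data, key, expected_tag):
    """Constant-time comparison so the check itself leaks nothing about the tag."""
    return hmac.compare_digest(integrity_tag(data, key), expected_tag)


def audit_config(path, key, expected_tag=None):
    """Run all three checks on one file and return the findings as a dict."""
    with open(path, "rb") as fh:
        raw = fh.read()
    return {
        "cleartext": find_cleartext_credentials(raw.decode()),
        "readable_beyond_owner": is_readable_beyond_owner(path),
        "integrity_ok": None if expected_tag is None else integrity_ok(raw, key, expected_tag),
    }


def write_sample(text, mode):
    """Write constructed sample content to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".ini")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


def demo():
    """Audit the weak file, the hardened file, and a tampered copy of the hardened file."""
    key = b"constructed-demo-key"  # in practice: from an OS keystore, never from the config
    tampered_text = SAMPLE_HARDENED.replace("dev-0001", "dev-0002")
    paths = {
        "weak": write_sample(SAMPLE_WEAK, 0o644),
        "hardened": write_sample(SAMPLE_HARDENED, 0o600),
        "tampered": write_sample(tampered_text, 0o600),
    }
    tag = integrity_tag(SAMPLE_HARDENED.encode(), key)  # tag taken at deployment time
    try:
        return {
            "weak": audit_config(paths["weak"], key),
            "hardened": audit_config(paths["hardened"], key, tag),
            "tampered": audit_config(paths["tampered"], key, tag),
        }
    finally:
        for p in paths.values():
            os.remove(p)


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The permission check uses POSIX mode bits; on Windows the equivalent is an ACL review. The HMAC tag only helps if the key and the stored tag live outside the file and outside the reach of the low-privileged local user, which is exactly what SC-28 and IA-5 require.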
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Cleartext sensitive data (credentials) in local config file directly enables T1552.001 (Credentials In Files) for local discovery; stolen data facilitates impersonation via T1078.004 (Cloud Accounts) for cloud portal access.
NVD Description
A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.
Deeper analysis (AI)
CVE-2024-23942 is a vulnerability involving the cleartext storage of sensitive data in a configuration file on a client workstation, classified under CWE-312. This issue affects the software component responsible for accessing a cloud portal, where the unencrypted sensitive data can be discovered by a local user. The vulnerability received a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), highlighting high impacts on confidentiality and availability with low attack complexity and privileges required.
A local attacker with low privileges on the affected client workstation can locate and read the configuration file containing unencrypted sensitive data. This enables the attacker to impersonate the device by leveraging the stolen credentials or data, or to modify the file to prevent the device from accessing the cloud portal, resulting in a denial-of-service condition.
The primary advisory reference is available at https://cert.vde.com/en/advisories/VDE-2024-010, which security practitioners should consult for detailed mitigation guidance and any available patches. The CVE was published on 2025-03-18.
Details
- CWE(s)