CVE-2024-45643
Published: 14 March 2025
Summary
CVE-2024-45643 is a medium-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in IBM Security QRadar EDR. Its CVSS base score is 5.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). It ranks at the 14.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-13 mandates FIPS-validated cryptography and prohibits outdated or insecure algorithms, directly preventing the use of weak cryptographic algorithms that enable decryption of sensitive credentials.
SI-2 requires timely identification, reporting, and correction of security flaws like the weak cryptographic algorithms in QRadar EDR, mitigating the vulnerability through patching or upgrades.
SC-28 enforces cryptographic protection of information at rest using FIPS-validated modules, addressing decryption risks for stored sensitive credential information.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote exploitation of weak cryptography to decrypt and obtain sensitive credentials, directly mapping to Exploitation for Credential Access.
NVD Description
IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.
Deeper analysis
IBM Security QRadar 3.12 EDR is affected by CVE-2024-45643, a vulnerability stemming from the use of weaker than expected cryptographic algorithms. This issue, classified under CWE-327 (Broken or Risky Cryptographic Algorithm), enables an attacker to decrypt sensitive credential information stored or transmitted by the product. The vulnerability received a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact but no integrity or availability effects.
A remote attacker with no privileges or user interaction required can exploit this over the network, though it demands high attack complexity. Successful exploitation allows the attacker to decrypt sensitive credential information, potentially exposing authentication data or other secrets used within QRadar 3.12 EDR environments.
IBM has published a security advisory with details on mitigation at https://www.ibm.com/support/pages/node/7185938. Security practitioners should consult this bulletin for patch availability, workaround guidance, and affected version specifics.
Details
- CWE(s)