Cyber Posture

CVE-2024-48123

High · LPE

Published: 15 January 2025

Modified: 15 April 2026
KEV Added: not listed
Patch: (not specified)
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)
EPSS Score: 0.0006 (20.2nd percentile)
Risk Priority: 17 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-48123 is a high-severity Untrusted Search Path (CWE-426) vulnerability attributed to Diva Portal (product inferred from references; the NVD description itself names the HI-SCAN 6040i Hitrax HX-03-19-I). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Replication Through Removable Media (T1091). Its EPSS score places it at the 20.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 MP-7 (Media Use) and PE-3 (Physical Access Control).

Threat & Defense at a Glance

What attackers do: exploitation maps to Replication Through Removable Media (T1091) and one other technique, Hardware Additions (T1200). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- prevent: Directly restricts and controls access to USB ports and I/O devices, preventing attackers from inserting malicious USB drives that trigger autorun execution.
- MP-7 Media Use (good match), prevent: Restricts the use of USB media on the system, prohibiting the autorun of untrusted scripts from external storage devices.
- PE-3 Physical Access Control, prevent: Enforces physical access controls to the device, blocking unauthorized insertion of USB drives required for exploitation.

MITRE ATT&CK Enterprise Techniques

- T1091 Replication Through Removable Media (Lateral Movement): Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes.
- T1200 Hardware Additions (Initial Access): Adversaries may physically introduce computer accessories, networking hardware, or other computing devices into a system or network that can be used as a vector to gain access.
Why these techniques?

Directly enables arbitrary code execution via malicious autorun script on inserted USB (T1091) or hardware addition (T1200).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device.

Deeper analysis

CVE-2024-48123 is a vulnerability in the USB Autorun function of the HI-SCAN 6040i Hitrax HX-03-19-I device. It enables attackers to execute arbitrary code by uploading a crafted script from a USB device. The issue has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) and maps to CWE-426 (Untrusted Search Path). It was published on 2025-01-15.

Exploitation requires local physical access to the device, low privileges, and low attack complexity, with no user interaction needed. A threat actor, such as an insider or someone with brief physical access, can insert a USB drive containing a malicious script that autoruns and executes arbitrary code. The vector records high confidentiality and integrity impact with a changed scope, so a successful attack could allow data exfiltration, data modification, or privilege escalation on the affected system.

Further details, including potential mitigations, are available in the referenced research document at https://kth.diva-portal.org/smash/get/diva2:1876534/FULLTEXT01.pdf.

Details

CWE(s)

CWE-426 Untrusted Search Path

Affected Products

Diva Portal (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-3780 (shared CWE-426)
CVE-2025-12819 (shared CWE-426)
CVE-2026-32032 (shared CWE-426)
CVE-2026-25190 (shared CWE-426)
CVE-2025-0707 (shared CWE-426)
CVE-2026-2998 (shared CWE-426)
CVE-2025-21399 (shared CWE-426)
CVE-2026-0662 (shared CWE-426)
CVE-2025-26155 (shared CWE-426)
CVE-2025-1068 (shared CWE-426)

References