
CVE-2024-48123

Severity: High · LPE (local privilege escalation)

Published: 15 January 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS v3.1 Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)
EPSS Score: 0.0009 (25.3rd percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-48123 is a high-severity Untrusted Search Path (CWE-426) vulnerability. The record's affected-asset field lists Diva Portal (inferred from the reference URL; NVD filed no CPE), while the vulnerability description itself names the HI-SCAN 6040i Hitrax HX-03-19-I device. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Replication Through Removable Media (T1091). EPSS ranks it at the 25.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 MP-7 (Media Use) and PE-3 (Physical Access Control).

Deeper analysis

CVE-2024-48123 is a vulnerability in the USB Autorun function of the HI-SCAN 6040i Hitrax HX-03-19-I device. It enables attackers to execute arbitrary code by uploading a crafted script from a USB device. The issue has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) and maps to CWE-426 (Untrusted Search Path). It was published on 2025-01-15.

Exploitation requires local physical access to the device, low privileges, and low attack complexity, with no user interaction needed. A threat actor, such as an insider or someone with brief physical access, can insert a USB drive containing a malicious script that the Autorun function executes as arbitrary code. The vector records a changed scope (S:C) with high confidentiality and integrity impact and no availability impact, so successful exploitation could allow data exfiltration, data modification, or privilege escalation on the affected system.

Further details, including potential mitigations, are available in the referenced research document at https://kth.diva-portal.org/smash/get/diva2:1876534/FULLTEXT01.pdf.

Vulnerability details

An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device.

CWE(s): CWE-426 Untrusted Search Path

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1091 Replication Through Removable Media (tactic: Lateral Movement)
Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes.

T1200 Hardware Additions (tactic: Initial Access)
Adversaries may physically introduce computer accessories, networking hardware, or other computing devices into a system or network that can be used as a vector to gain access.

Why these techniques?

The vulnerability directly enables arbitrary code execution via a malicious autorun script on an inserted USB device (T1091) or a hardware addition (T1200).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25880 (shared CWE-426)
CVE-2025-21399 (shared CWE-426)
CVE-2025-24789 (shared CWE-426)
CVE-2025-0707 (shared CWE-426)
CVE-2025-1756 (shared CWE-426)
CVE-2025-27167 (shared CWE-426)
CVE-2025-49457 (shared CWE-426)
CVE-2026-25926 (shared CWE-426)
CVE-2026-32009 (shared CWE-426)
CVE-2026-27290 (shared CWE-426)

Affected Assets

Diva Portal (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Control ID not shown in the record · prevent
Directly restricts and controls access to USB ports and I/O devices, preventing attackers from inserting malicious USB drives that trigger autorun execution.

MP-7 Media Use (good match) · prevent
Restricts the use of USB media on the system, prohibiting the autorun of untrusted scripts from external storage devices.

PE-3 Physical Access Control · prevent
Enforces physical access controls to the device, blocking unauthorized insertion of USB drives required for exploitation.

References

https://kth.diva-portal.org/smash/get/diva2:1876534/FULLTEXT01.pdf