Cyber Posture

CVE-2024-52884

High

Published: 07 February 2025

Modified: 01 May 2025
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0005 (15.7th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-52884 is a high-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in AudioCodes Mediant Session Border Controller. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001). The CVE ranks at the 15.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).

Threat & Defense at a Glance

What attackers do: exploitation maps to Credentials In Files (T1552.001). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Applying the vendor patch remediates the weak password obfuscation flaw and directly prevents decryption of passwords from INI configuration exports.

prevent

Protecting passwords in configuration files at rest with strong cryptographic mechanisms comprehensively mitigates the weak obfuscation vulnerability.

prevent

Proper management of authenticators ensures passwords have sufficient strength and are protected from unauthorized disclosure in configuration exports.

MITRE ATT&CK Enterprise Techniques

T1552.001 Credentials In Files (Tactic: Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Weak encryption in exported INI config files directly enables recovery of plaintext credentials from files (T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.

Deeper analysis

CVE-2024-52884 affects AudioCodes Mediant Session Border Controller (SBC) software in versions before 7.40A.501.841. The vulnerability arises from weak password obfuscation and encryption mechanisms used in configuration exports, specifically INI files. This issue, published on 2025-02-07, is categorized under CWE-327 (Broken or Risky Cryptographic Algorithm) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with low attack complexity over the network.

An attacker with access to the INI configuration export files can exploit this flaw to decrypt the obfuscated passwords stored within them. No privileges, user interaction, or special conditions beyond obtaining the export are required, enabling remote exploitation if the files are accessible via misconfigurations, theft, or other means.

The SYSS advisory (SYSS-2024-078) at https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-078.txt and AudioCodes Session Border Controllers product page at https://www.audiocodes.com/solutions-products/products/session-border-controllers-sbcs provide additional details on the vulnerability.

Details

CWE(s)

Affected Products

Vendor: audiocodes
Product: mediant session border controller
Version: ≤ 7.40a.501.841

CVEs Like This One

CVE-2024-52881 (Same vendor: Audiocodes)
CVE-2024-52883 (Same vendor: Audiocodes)
CVE-2025-34328 (Same vendor: Audiocodes)
CVE-2025-34335 (Same vendor: Audiocodes)
CVE-2025-34334 (Same vendor: Audiocodes)
CVE-2025-34329 (Same vendor: Audiocodes)
CVE-2024-31896 (Shared CWE-327)
CVE-2026-26219 (Shared CWE-327)
CVE-2025-14480 (Shared CWE-327)
CVE-2024-41763 (Shared CWE-327)
