CVE-2024-5514
Published: 30 May 2024
Summary
CVE-2024-5514 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Org (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, ranked at the 46.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-47119
Vulnerability details
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in…
more
to the backend system without being recorded in the system logs.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Strategy enforces supplier requirements and code reviews that reduce hard-coded credentials introduced through acquired products.
Vetting individuals before they occupy roles that touch credentials or secrets reduces the likelihood of hard-coded credentials being introduced or abused.
Hunting identifies hidden functionality used for persistence or evasion after initial compromise.
Vetting and integrity controls during acquisition reduce the likelihood of hidden backdoors or malicious functionality introduced by suppliers.
Addresses hidden functionality by mandating evidence that the system or component contains no undocumented or unauthorized capabilities that could be exploited.
Vetting reduces the chance a developer will deliberately insert hard-coded credentials as a backdoor or unauthorized access mechanism.
Enables users to notice when hard-coded credentials have been exploited for unauthorized access.
Security training explicitly warns against hard-coded credentials, lowering their use in systems.