Cyber Resilience

CVE-2024-5514

Critical

Published: 30 May 2024
Modified: 15 April 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: no value recorded
CVSS v3.1 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0023 (46.3rd percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-5514 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability; the affected vendor is recorded here as Org (inferred from references). Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, it ranks at the 46.3rd percentile by exploit likelihood (EPSS; below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs.

CWE(s)

CWE-798 (Use of Hard-coded Credentials) and CWE-912 (Hidden Functionality), as cited in the NVD entry.
Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Org (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-798, CWE-912: Strategy enforces supplier requirements and code reviews that reduce hard-coded credentials introduced through acquired products.
- Addresses CWE-798, CWE-912: Vetting individuals before they occupy roles that touch credentials or secrets reduces the likelihood of hard-coded credentials being introduced or abused.
- Addresses CWE-912, CWE-798: Hunting identifies hidden functionality used for persistence or evasion after initial compromise.
- Addresses CWE-912, CWE-798: Vetting and integrity controls during acquisition reduce the likelihood of hidden backdoors or malicious functionality introduced by suppliers.
- Addresses CWE-912, CWE-798: Addresses hidden functionality by mandating evidence that the system or component contains no undocumented or unauthorized capabilities that could be exploited.
- Addresses CWE-798, CWE-912: Vetting reduces the chance a developer will deliberately insert hard-coded credentials as a backdoor or unauthorized access mechanism.
- Addresses CWE-798: Enables users to notice when hard-coded credentials have been exploited for unauthorized access.
- Addresses CWE-798: Security training explicitly warns against hard-coded credentials, lowering their use in systems.
