CISA released a critical alert on March 7, 2024, regarding a severe vulnerability in Chirp Systems’ Chirp Access, tracked as CVE-2024-2197. The vulnerability has a CVSS v3 score of 9.1, indicating its high severity. Exploitation could allow remote attackers to take control and gain unrestricted physical access to systems that use the affected Chirp Access product.
The technical details reveal that the vulnerability stems from the improper storage of credentials within Chirp Access’s source code, potentially exposing sensitive information to unauthorized access. Chirp Systems has not responded to CISA’s requests to collaborate on mitigating this vulnerability. Users of the affected product are strongly advised to contact Chirp Systems support for additional information.
CISA recommends several defensive measures to minimize the risk of exploitation, including minimizing network exposure, isolating control system networks from business networks, and using secure remote access methods like Virtual Private Networks (VPNs). However, organizations are reminded to conduct proper impact analysis and risk assessment before implementing defensive measures.