CVE-2024-2422 – This vulnerability allows authenticated attacke... (How to Fix)

Q: What is the severity of CVE-2024-2422?

CVE-2024-2422 has a CVSS score of 8.8 (HIGH). This vulnerability allows authenticated attackers to execute arbitrary commands on LenelS2 NetBox access control and event monitoring systems. Organizations using NetBox versions 5.6.1 and earlier are affected, potentially compromising physical security systems.

📋 TL;DR

This vulnerability allows authenticated attackers to execute arbitrary commands on LenelS2 NetBox access control and event monitoring systems. Organizations using NetBox versions 5.6.1 and earlier are affected, potentially compromising physical security systems.

💻 Affected Systems

Products:

LenelS2 NetBox

Versions: 5.6.1 and earlier

Operating Systems: Windows Server

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access to the NetBox web interface.

📦 What is this software?

Lenels2 Netbox by Honeywell

View all CVEs affecting Lenels2 Netbox →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to disable physical access controls, manipulate security logs, and pivot to other network systems.

🟠

Likely Case

Unauthorized access to physical facilities, data exfiltration, and disruption of security monitoring capabilities.

🟢

If Mitigated

Limited impact if proper network segmentation and authentication controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires valid credentials but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.6.2 or later

Vendor Advisory: https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf

Restart Required: Yes

Instructions:

1. Download NetBox 5.6.2 or later from LenelS2 support portal. 2. Backup current configuration and database. 3. Run installer with administrative privileges. 4. Restart NetBox services. 5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate NetBox systems from general network access

Authentication Hardening

all

Implement multi-factor authentication and strong password policies

🧯 If You Can't Patch

Implement strict network access controls to limit NetBox access to authorized IPs only
Enable detailed logging and monitoring for suspicious authentication and command execution attempts

🔍 How to Verify

Check if Vulnerable:

Check NetBox version in web interface under Help > About or via Windows Services console

Check Version:

sc query "NetBox" | findstr /i "display_name"

Verify Fix Applied:

Confirm version is 5.6.2 or later and test authentication and command functionality

📡 Detection & Monitoring

Log Indicators:

Unusual authentication patterns
Command execution in application logs
Multiple failed login attempts followed by successful login

Network Indicators:

Unusual outbound connections from NetBox server
Traffic to unexpected ports

SIEM Query:

source="netbox" AND (event_type="command_execution" OR auth_failure_count>5)

📊 Metadata

CVE ID: CVE-2024-2422

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-88

Published: May 30, 2024

Last Updated: February 2, 2026

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01 US Government Resource,Vendor Advisory
https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf Broken Link
https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01 US Government Resource,Vendor Advisory
https://www.corporate.carrier.com/Images/CARR-PSA-2024-01-NetBox_tcm558-227956.pdf Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-2422, you might also want to check these: