CVE-2024-32758
📋 TL;DR
CVE-2024-32758 is a cryptographic weakness in exacqVision video management systems where client-server communication uses insufficient key length during key exchange, potentially allowing attackers to decrypt or manipulate surveillance data. This affects organizations using exacqVision Client and Server software for security monitoring. The vulnerability stems from inadequate encryption strength in certain communication scenarios.
💻 Affected Systems
- exacqVision Client
- exacqVision Server
📦 What is this software?
exacqVision Client by Johnson Controls
exacqVision Server by Johnson Controls
⚠️ Risk & Real-World Impact
Worst Case
Attackers could decrypt live surveillance feeds, manipulate video evidence, inject false footage, or disrupt security monitoring operations, potentially enabling physical security breaches.
Likely Case
Eavesdropping on surveillance communications, decrypting recorded footage, or disrupting video streams in targeted attacks against vulnerable systems.
If Mitigated
Limited impact with proper network segmentation and monitoring, though encrypted communications remain theoretically vulnerable to cryptanalysis.
🎯 Exploit Status
Exploitation requires network access to client-server communications and cryptographic analysis capabilities; no public exploits known at advisory publication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Johnson Controls advisory for specific patched versions
Vendor Advisory: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Restart Required: Yes
Instructions:
1. Review Johnson Controls security advisory ICSA-24-214-01.
2. Download and apply the latest exacqVision updates from official sources.
3. Restart both exacqVision Server and Client services.
4. Verify communication uses proper encryption.
🔧 Temporary Workarounds
Network Segmentation
Isolate exacqVision systems from untrusted networks to limit attack surface
VPN Tunnel Enforcement
Require all client-server communications to use VPN with strong encryption
🧯 If You Can't Patch
- Segment exacqVision network completely from internet and untrusted internal networks
- Implement network monitoring for unusual traffic patterns between exacqVision components
🔍 How to Verify
Check if Vulnerable:
Check exacqVision version against Johnson Controls advisory; monitor network traffic for weak encryption handshakes
Check Version:
In exacqVision Client/Server interface: Help → About or check installed program version
Verify Fix Applied:
Verify updated version is installed; use network analysis tools to confirm proper key exchange length
📡 Detection & Monitoring
Log Indicators:
- Failed encryption handshakes
- Unusual connection patterns between clients and servers
Network Indicators:
- Short key exchange packets
- Unencrypted or weakly encrypted video streams
SIEM Query:
source="exacqvision" AND (event_type="connection_error" OR protocol="weak_crypto")
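The SIEM query above, worked through as an added example that is not part of this advisory and does not reflect exacqVision's real log schema: a small Python evaluator that parses constructed key="value" log lines, derives the protocol="weak_crypto" label from a hypothetical key_bits field (the advisory gives no key-size numbers, so the MIN_KEY_BITS threshold is a placeholder a defender would tune), and then applies the same source / event_type / protocol predicate the SIEM query expresses.

```python
"""Toy evaluator for the SIEM query in the advisory, run over constructed
exacqVision-style log lines.

Assumptions (not from the advisory or the product):
  - logs are key="value" pairs separated by spaces
  - a 'key_bits' field reports the negotiated key-exchange size
  - MIN_KEY_BITS is a placeholder threshold, since no number is given
"""
import re
from typing import Dict, List

# Placeholder: minimum key-exchange size we are willing to call "not weak".
MIN_KEY_BITS = 2048

# Matches one key="value" pair; values are assumed not to contain quotes.
_KV = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample log lines (not real exacqVision output).
SAMPLE_LOGS: List[str] = [
    'ts="2024-08-01T10:00:00Z" source="exacqvision" host="srv01" client="10.0.5.20" event_type="session_start" key_bits="2048"',
    'ts="2024-08-01T10:00:05Z" source="exacqvision" host="srv01" client="10.0.5.21" event_type="session_start" key_bits="512"',
    'ts="2024-08-01T10:00:09Z" source="exacqvision" host="srv01" client="10.0.5.22" event_type="connection_error" reason="handshake_failed"',
    'ts="2024-08-01T10:00:12Z" source="firewall" host="fw01" client="10.0.5.23" event_type="connection_error"',
    'ts="2024-08-01T10:00:20Z" source="exacqvision" host="srv01" client="10.0.5.24" event_type="session_start"',
]


def parse_line(line: str) -> Dict[str, str]:
    """Turn a key="value" log line into a dict of string fields."""
    return dict(_KV.findall(line))


def classify_crypto(event: Dict[str, str]) -> Dict[str, str]:
    """Derive the 'protocol' field the SIEM query relies on.

    If the (assumed) key_bits field is present and below MIN_KEY_BITS,
    the event is labelled protocol="weak_crypto". Other events are returned
    unchanged, so a missing key_bits never produces a false positive here.
    """
    ev = dict(event)
    bits = ev.get("key_bits")
    if bits is not None and bits.isdigit() and int(bits) < MIN_KEY_BITS:
        ev["protocol"] = "weak_crypto"
    return ev


def matches_query(event: Dict[str, str]) -> bool:
    """Python equivalent of:
    source="exacqvision" AND (event_type="connection_error" OR protocol="weak_crypto")
    """
    return event.get("source") == "exacqvision" and (
        event.get("event_type") == "connection_error"
        or event.get("protocol") == "weak_crypto"
    )


def find_alerts(lines: List[str]) -> List[Dict[str, str]]:
    """Parse, enrich and filter raw log lines; returns the matching events."""
    alerts = []
    for line in lines:
        event = classify_crypto(parse_line(line))
        if matches_query(event):
            alerts.append(event)
    return alerts


def alert_clients(lines: List[str]) -> List[str]:
    """Client addresses that triggered the query, in log order."""
    return [e.get("client", "?") for e in find_alerts(lines)]


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOGS):
        print(alert["ts"], alert.get("client"), alert.get("event_type"), alert.get("protocol", "-"))
```

On the constructed input, the firewall line is excluded because the source does not match, the session with no key_bits field is left alone, and only the 512-bit handshake and the failed connection surface as alerts. In a real deployment the enrichment step (deriving weak_crypto) is usually done at the collector or in the SIEM's parsing layer rather than in the query itself.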