CVE-2024-32864
📋 TL;DR
CVE-2024-32864 is a security misconfiguration vulnerability in exacqVision Web Services where HTTPS enforcement fails under certain circumstances, allowing cleartext HTTP communication. This affects organizations using Johnson Controls exacqVision video management systems, potentially exposing sensitive video surveillance data and credentials.
💻 Affected Systems
- Johnson Controls exacqVision
📦 What is this software?
exacqVision Web Service by Johnson Controls
⚠️ Risk & Real-World Impact
Worst Case
Attackers intercept sensitive video surveillance footage, credentials, and system data in transit, leading to privacy violations, operational disruption, and potential physical security compromise.
Likely Case
Man-in-the-middle attacks capturing administrative credentials and video streams, enabling unauthorized access to surveillance systems and sensitive areas.
If Mitigated
Limited exposure with proper network segmentation and monitoring, but still potential for credential harvesting if HTTPS isn't enforced.
🎯 Exploit Status
Exploitation requires network access to intercept traffic; no authentication needed to observe unencrypted traffic when HTTPS enforcement fails.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Johnson Controls advisory for specific patched versions
Vendor Advisory: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Restart Required: Yes
Instructions:
1. Review Johnson Controls advisory for affected versions.
2. Apply vendor-provided patches.
3. Restart exacqVision services.
4. Verify HTTPS enforcement is working.
🔧 Temporary Workarounds
Force HTTPS via Network Controls
Configure network devices to redirect all HTTP traffic to HTTPS or block HTTP access to exacqVision web services
Network Segmentation
Isolate exacqVision systems to trusted network segments with strict access controls
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to exacqVision systems
- Deploy network monitoring and IDS/IPS to detect cleartext traffic interception attempts
🔍 How to Verify
Check if Vulnerable:
Attempt HTTP access to exacqVision web interface; if it loads without redirecting to HTTPS, system may be vulnerable. Monitor network traffic for cleartext HTTP sessions.
Check Version:
Check exacqVision Server version in web interface under Help > About or server administration console
Verify Fix Applied:
Verify all web access requires HTTPS and HTTP requests are redirected or blocked. Check version against patched releases in vendor advisory.
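The HTTP check described above can be scripted for use before and after patching. This is an added example, not vendor code: the function names and result labels are hypothetical, the host is supplied by the operator, and the ports are the 80/8080 values this page lists as typical.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def classify(status, location):
    """Classify the response to one plain-HTTP request (labels are this example's own)."""
    if status in REDIRECTS:
        # Only an absolute https:// target counts; a relative or http:// Location
        # keeps the session on cleartext HTTP.
        if location and urlsplit(location).scheme.lower() == "https":
            return "https-redirect"
        return "cleartext-redirect"
    if 200 <= status < 300:
        return "cleartext-served"      # content delivered over HTTP: enforcement failed
    return "inconclusive"              # 4xx/5xx: HTTP answered but served no content

def probe(host, port, path="/", timeout=5):
    """Send one GET over plain HTTP without following redirects and classify it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location"))
    except (OSError, http.client.HTTPException):
        # Refused, filtered, timed out, or the port does not speak plain HTTP.
        return "http-blocked"
    finally:
        conn.close()

def exposed(results):
    """True if any probed port keeps the session on cleartext HTTP."""
    return any(r in ("cleartext-served", "cleartext-redirect") for r in results.values())

if __name__ == "__main__":
    import sys
    # Host is an assumption supplied by the operator; defaults to loopback.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = {port: probe(host, port) for port in (80, 8080)}
    for port, result in results.items():
        print(f"{host}:{port} -> {result}")
    print("cleartext exposure" if exposed(results) else "no cleartext content served")
```

An `https-redirect` result still means the first request travelled in cleartext, so pair the check with the network controls listed under Temporary Workarounds.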
📡 Detection & Monitoring
Log Indicators:
- HTTP access logs showing cleartext connections to exacqVision web services
- Failed HTTPS redirect attempts
Network Indicators:
- Cleartext HTTP traffic to exacqVision web ports (typically 80/8080)
- Lack of TLS/SSL encryption on web traffic
SIEM Query:
source_ip="exacqvision_server" AND (protocol="HTTP" OR port=80 OR port=8080) AND NOT protocol="HTTPS"