CVE-2024-32865

6.4 MEDIUM

📋 TL;DR

CVE-2024-32865 is a TLS certificate validation vulnerability in exacqVision Server that allows man-in-the-middle attacks when connecting to devices. Attackers can intercept or manipulate communications between the server and connected devices. This affects organizations using exacqVision Server for video surveillance and security systems.

💻 Affected Systems

Products:
  • exacqVision Server
Versions: Prior to 22.12.3.0
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the server's TLS connections to devices such as cameras and encoders. Under certain circumstances the server does not properly validate the certificate a device presents, so an on-path attacker can substitute their own certificate without the connection being rejected.

📦 What is this software?

exacqVision Server is the video management system (VMS) component of the exacqVision product line from Johnson Controls (originally Exacq Technologies). It records and manages video from IP cameras and encoders, which are the "devices" whose TLS connections this vulnerability concerns.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An on-path attacker could intercept video feeds, manipulate camera controls, inject fabricated data into the server, or use the server-to-device channel as a foothold in the surveillance network.

🟠 Likely Case

Man-in-the-middle interception of video streams and metadata between the server and its devices, exposing sensitive surveillance footage.

🟢 If Mitigated

Limited impact where the server and devices sit on an isolated network segment and device certificate fingerprints are tracked out of band so a substitution is noticed.

🌐 Internet-Facing: MEDIUM - If the server reaches devices over untrusted networks, an attacker on that path could intercept communications; exploitation still requires a position between the server and the device.
🏢 Internal Only: MEDIUM - An attacker on the device network, or a compromised device on it, could exploit this to intercept surveillance data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires an on-path (man-in-the-middle) position between the server and its devices. No public exploit code was available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 22.12.3.0 and later

Vendor Advisory: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories

Restart Required: Yes

Instructions:

1. Download exacqVision Server version 22.12.3.0 or later from the Johnson Controls support portal.
2. Back up the current configuration.
3. Install the update following vendor instructions.
4. Restart the exacqVision Server service.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate the exacqVision Server and its connected devices on a dedicated VLAN so that only the server and the devices share the path this vulnerability exposes.

Certificate Pinning (all platforms)

Pin the certificates of critical devices where the product configuration supports it. Where it does not, record each device's certificate fingerprint out of band and alert on any change; this does not stop interception, but it makes a substituted certificate visible.

🧯 If You Can't Patch

  • Segment network to isolate exacqVision Server from untrusted networks
  • Monitor network traffic for unexpected TLS certificate changes or man-in-the-middle patterns

🔍 How to Verify

Check if Vulnerable:

Check exacqVision Server version in administration interface. Versions below 22.12.3.0 are vulnerable.

Check Version:

Check via exacqVision Server web interface: Admin > System > About

Verify Fix Applied:

Verify that the version shown in the administration interface is 22.12.3.0 or higher, then confirm that a device presenting an untrusted or mismatched certificate is rejected or flagged rather than silently accepted.

📡 Detection & Monitoring

Log Indicators:

  • Failed TLS handshake logs
  • Certificate validation errors
  • Unexpected device connection attempts

Network Indicators:

  • A device's TLS certificate (subject, issuer, or SHA-256 fingerprint) changing without a corresponding administrative change
  • Server-to-device TLS sessions terminating at an unexpected MAC or IP address, or ARP/DHCP anomalies on the device VLAN

SIEM Query (illustrative; field and source names depend on how exacqVision logs are ingested):

source="exacqvision" AND (event_type="tls_error" OR certificate_validation="failed")
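The fingerprint tracking suggested under the Certificate Pinning workaround and the "certificate changed" network indicator above can be implemented with a short baseline-and-alert script. The following is an added example, not exacqVision code or anything from the vendor advisory: it fetches the leaf certificate each camera or encoder presents, hashes it, and compares it with a JSON baseline recorded on first sight. The device addresses, the baseline filename, and the assumption that devices serve TLS on port 443 are all placeholders to be replaced with your own inventory.

```python
"""Baseline-and-alert check for the TLS certificates that surveillance devices present.

Added example; not part of exacqVision. Host addresses and the port are assumptions.
"""
import hashlib
import json
import socket
import ssl
from pathlib import Path

DEVICE_PORT = 443  # assumed; many cameras serve TLS here, adjust per device


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_device_cert(host: str, port: int = DEVICE_PORT, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate a device presents, without validating it.

    Validation is deliberately disabled here: the goal is to observe exactly what
    the device (or whatever sits in the path) presents, self-signed included.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def evaluate(host: str, der_cert: bytes, baseline: dict) -> tuple:
    """Compare a presented certificate with the recorded baseline.

    Returns (status, fingerprint) where status is:
      'new'     - no baseline for this host yet (record it after checking it out of band)
      'match'   - certificate unchanged
      'changed' - certificate differs; treat the device as suspect until explained
    """
    fp = fingerprint(der_cert)
    expected = baseline.get(host)
    if expected is None:
        return "new", fp
    if expected == fp:
        return "match", fp
    return "changed", fp


def run(hosts, baseline_path: Path) -> dict:
    """Check every host against the on-disk JSON baseline; returns host -> status."""
    baseline = json.loads(baseline_path.read_text()) if baseline_path.exists() else {}
    results = {}
    for host in hosts:
        try:
            der = fetch_device_cert(host)
        except (OSError, ssl.SSLError) as exc:
            results[host] = f"error: {exc}"
            continue
        status, fp = evaluate(host, der, baseline)
        results[host] = status
        if status == "new":
            baseline[host] = fp  # trust on first use; confirm out of band
        elif status == "changed":
            print(f"ALERT {host}: certificate changed from {baseline[host]} to {fp}")
    baseline_path.write_text(json.dumps(baseline, indent=2))
    return results


if __name__ == "__main__":
    import sys
    # Constructed placeholder addresses (RFC 5737 range); replace with your device list.
    devices = sys.argv[1:] or ["192.0.2.10", "192.0.2.11"]
    print(run(devices, Path("device-cert-baseline.json")))
```

Run it from a host on the same VLAN as the devices on a schedule, and feed any "changed" result into the same alerting path as the log indicators above. Because the first run records whatever it sees, take the initial baseline from a known-clean network position and confirm a few fingerprints against the devices' own administration pages before relying on it.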
