CVE-2024-32932
📋 TL;DR
CVE-2024-32932 allows authenticated users to recover other users' credentials from the web interface under certain circumstances. This affects Johnson Controls Metasys products and could lead to unauthorized access to sensitive systems. The vulnerability requires authenticated access but enables credential harvesting.
💻 Affected Systems
- Johnson Controls Metasys products
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could harvest administrator credentials, gain full system control, and potentially pivot to other critical infrastructure systems.
Likely Case
An authenticated user with malicious intent could steal credentials of other users, leading to unauthorized access to building management systems and potential operational disruption.
If Mitigated
With proper access controls and monitoring, impact is limited to credential exposure of users with similar or lower privileges than the attacker.
🎯 Exploit Status
Exploitation requires authenticated access to the web interface; the vulnerability allows credential recovery through the interface itself.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Consult Johnson Controls advisory for specific patched versions
Vendor Advisory: https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories
Restart Required: Yes
Instructions:
1. Review the Johnson Controls advisory for affected versions.
2. Apply vendor-provided patches or updates.
3. Restart affected systems as required.
4. Verify patch installation.
🔧 Temporary Workarounds
Restrict web interface access
- Limit access to the web interface to only trusted users and networks
- Configure firewall rules to restrict access to web interface ports
- Implement network segmentation for Metasys systems
Implement strong authentication controls
- Enforce multi-factor authentication and strong password policies
- Enable MFA for all web interface users
- Implement account lockout policies after failed attempts
🧯 If You Can't Patch
- Implement strict access controls and network segmentation to limit exposure
- Monitor authentication logs for unusual credential access patterns
🔍 How to Verify
Check if Vulnerable:
Check the system version against the Johnson Controls advisory, and review whether the web interface allows authenticated users to recover other users' credentials
Check Version:
Consult Metasys documentation for version check commands specific to your deployment
Verify Fix Applied:
Confirm the patch is installed through a version check, and test that authenticated users can no longer recover other users' credentials
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication patterns
- Multiple credential access attempts from single user
- Access to credential-related API endpoints
Network Indicators:
- Traffic to web interface endpoints associated with credential management
- Unusual authentication request patterns
SIEM Query:
source="metasys_web_logs" AND (event_type="credential_access" OR uri="/api/credentials")
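As an added example (not part of this page, the vendor, or any Metasys tooling), a small Python detector that applies the log indicators above to constructed sample log lines: it flags any credential access whose target is a different account, and any single user with repeated credential-access events. The key=value log format, the field names, and the account names are assumptions; the /api/credentials URI is taken from the SIEM query above.

```python
import re
from collections import defaultdict

# Constructed sample log lines. The key=value format and field names are
# assumptions for this example, not the real Metasys log format.
SAMPLE_LOGS = [
    "2024-06-01T10:00:01Z user=alice event_type=login uri=/api/login target=alice",
    "2024-06-01T10:00:09Z user=alice event_type=credential_access uri=/api/credentials target=alice",
    "2024-06-01T10:02:11Z user=bob event_type=login uri=/api/login target=bob",
    "2024-06-01T10:02:20Z user=bob event_type=credential_access uri=/api/credentials target=alice",
    "2024-06-01T10:02:24Z user=bob event_type=credential_access uri=/api/credentials target=carol",
    "2024-06-01T10:02:31Z user=bob event_type=credential_access uri=/api/credentials target=admin",
    "2024-06-01T10:05:00Z user=carol event_type=logout uri=/api/logout target=carol",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")
CREDENTIAL_URIS = {"/api/credentials"}  # endpoint named in the SIEM query above


def parse_line(line):
    """Split a log line into its timestamp plus a dict of key=value fields."""
    timestamp, _, rest = line.partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    fields["timestamp"] = timestamp
    return fields


def is_credential_access(event):
    """Mirror the SIEM query: credential event type OR a credential-related URI."""
    return event.get("event_type") == "credential_access" or event.get("uri") in CREDENTIAL_URIS


def find_suspicious_users(lines, threshold=3):
    """Return {user: finding} for users that trip either indicator:
    credential access targeting another account, or at least `threshold`
    credential-access events from one user."""
    per_user = defaultdict(lambda: {"count": 0, "other_targets": []})
    for line in lines:
        ev = parse_line(line)
        if not is_credential_access(ev):
            continue
        entry = per_user[ev["user"]]
        entry["count"] += 1
        if ev.get("target") not in (None, ev["user"]):
            entry["other_targets"].append(ev["target"])
    return {u: e for u, e in per_user.items() if e["other_targets"] or e["count"] >= threshold}


if __name__ == "__main__":
    for user, f in find_suspicious_users(SAMPLE_LOGS).items():
        print(f"{user}: {f['count']} credential events, other accounts read: {f['other_targets']}")
```

Only bob is flagged on the sample: three credential-access events, all against accounts other than his own, while alice's single read of her own credentials stays below the threshold.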