CVE-2024-36389 – MileSight DeviceHub uses insufficiently random ... (How to Fix)

Q: What is the severity of CVE-2024-36389?

CVE-2024-36389 has a CVSS score of 9.8 (CRITICAL). MileSight DeviceHub uses insufficiently random values for authentication, potentially allowing attackers to bypass authentication mechanisms. This affects organizations using MileSight DeviceHub software for device management.

📋 TL;DR

MileSight DeviceHub uses insufficiently random values for authentication, potentially allowing attackers to bypass authentication mechanisms. This affects organizations using MileSight DeviceHub software for device management.

💻 Affected Systems

Products:

MileSight DeviceHub

Versions: Specific versions not specified in provided information

Operating Systems: Not specified, likely various

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments using vulnerable versions are affected regardless of configuration

📦 What is this software?

Devicehub by Milesight

View all CVEs affecting Devicehub →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing unauthorized access to all managed devices and administrative functions

🟠

Likely Case

Authentication bypass leading to unauthorized access to device management interface and sensitive data

🟢

If Mitigated

Limited impact with proper network segmentation and access controls in place

🌐 Internet-Facing: HIGH - Authentication bypass vulnerabilities are critical for internet-facing systems

🏢 Internal Only: HIGH - Even internal systems can be compromised by authenticated users or attackers who gain initial access

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Authentication bypass vulnerabilities typically have low exploitation complexity once the weakness is understood

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://www.gov.il/en/Departments/faq/cve_advisories

Restart Required: No

Instructions:

Check vendor advisory for specific patching instructions. Apply any available updates immediately.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate DeviceHub from untrusted networks and restrict access to authorized IPs only

Access Control Lists

all

Implement strict firewall rules to limit access to DeviceHub management interface

🧯 If You Can't Patch

Implement multi-factor authentication if supported
Monitor authentication logs for suspicious activity and failed login attempts

🔍 How to Verify

Check if Vulnerable:

Check DeviceHub version against vendor advisory. Test authentication mechanisms for predictable values.

Check Version:

Check DeviceHub web interface or configuration files for version information

Verify Fix Applied:

Verify updated version is installed and test authentication bypass attempts fail

📡 Detection & Monitoring

Log Indicators:

Unusual authentication patterns
Successful logins from unexpected sources
Multiple failed login attempts followed by success

Network Indicators:

Unauthorized access to DeviceHub management endpoints
Traffic patterns suggesting authentication bypass

SIEM Query:

source="DeviceHub" AND (event_type="authentication" AND result="success") | stats count by src_ip, user

📊 Metadata

CVE ID: CVE-2024-36389

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-330

Published: June 2, 2024

Last Updated: April 10, 2025

🔗 References

https://www.gov.il/en/Departments/faq/cve_advisories Third Party Advisory
https://www.gov.il/en/Departments/faq/cve_advisories Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-36389, you might also want to check these: