CVE-2024-48939
📋 TL;DR
Paxton Net2 versions before 6.07.14023.5015 (SR4) have insufficient validation of REST API license files, allowing attackers to use the API with invalid licenses. This enables unauthorized access to access-log data. Organizations using vulnerable Paxton Net2 access control systems are affected.
💻 Affected Systems
- Paxton Net2
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could retrieve sensitive access-log data including personnel movements, door access patterns, and security event logs, potentially enabling physical security breaches or intelligence gathering.
Likely Case
Unauthorized access to access-log data revealing building entry/exit patterns, employee movements, and security system activity.
If Mitigated
Limited or no data exposure if proper network segmentation and API access controls are implemented.
🎯 Exploit Status
Exploitation requires network access to the REST API endpoint but bypasses license validation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.07.14023.5015 (SR4) or later
Vendor Advisory: https://paxton-access.co.uk
Restart Required: Yes
Instructions:
1. Download the latest Net2 software from Paxton's official website.
2. Back up the current configuration and database.
3. Run the installer to upgrade to version 6.07.14023.5015 or later.
4. Restart the Net2 server and verify functionality.
🔧 Temporary Workarounds
Network Segmentation (all platforms)
Restrict network access to Net2 REST API endpoints
Disable REST API (Windows)
Temporarily disable the REST API feature if not required
🧯 If You Can't Patch
- Implement strict network access controls to limit REST API access to authorized IPs only
- Monitor REST API logs for unusual access patterns or license validation failures
🔍 How to Verify
Check if Vulnerable:
Check Net2 version in the software interface or via the REST API endpoint /api/version
Check Version:
curl -X GET http://[net2-server]/api/version
Verify Fix Applied:
Confirm version is 6.07.14023.5015 or later and test license validation with invalid license files
📡 Detection & Monitoring
Log Indicators:
- Failed license validation attempts
- Unauthorized REST API access to access-log endpoints
- Multiple requests to /api/access-logs from unusual sources
Network Indicators:
- Unusual traffic to Net2 REST API endpoints (typically port 80/443)
- Requests to access-log endpoints without proper authentication
SIEM Query:
source="net2" AND (uri_path="/api/access-logs" OR message="license validation")
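As an added example, not part of the original advisory: a Python sketch that applies the log indicators above to constructed sample lines. The log layout, the 10.0.5.0/24 management subnet and the wording of the license message are assumptions; adapt the regex and the allow-list to whatever your Net2 collector actually emits.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines in an assumed "net2" web log layout:
#   timestamp client method path status message  (not Paxton's real format)
SAMPLE_LOGS = """\
2024-10-01T08:00:01Z 10.0.5.20 GET /api/version 200 ok
2024-10-01T08:00:05Z 10.0.5.20 GET /api/access-logs 200 ok
2024-10-01T08:01:10Z 203.0.113.7 GET /api/access-logs 200 license validation warning: invalid license file accepted
2024-10-01T08:01:11Z 203.0.113.7 GET /api/access-logs 200 ok
2024-10-01T08:01:12Z 203.0.113.7 GET /api/access-logs 200 ok
2024-10-01T08:02:00Z 10.0.5.21 GET /api/users 401 unauthorized
"""

ALLOWED_NETS = [ip_network("10.0.5.0/24")]  # assumed management subnet
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (.*)$")


def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, method, path, status, msg = m.groups()
    return {"ts": ts, "client": client, "method": method,
            "path": path, "status": int(status), "msg": msg}


def is_allowed(client):
    return any(ip_address(client) in net for net in ALLOWED_NETS)


def detect(log_text, threshold=2):
    """Apply the log indicators above; returns (rule, client, detail) tuples."""
    alerts, failed_license, log_hits = [], set(), {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if "license validation" in e["msg"].lower():
            failed_license.add(e["client"])
            alerts.append(("license_validation_failure", e["client"], e["msg"]))
        if e["path"] == "/api/access-logs" and e["status"] == 200:
            log_hits[e["client"]] = log_hits.get(e["client"], 0) + 1
            # The CVE's signature: data served to a client whose license failed.
            if e["client"] in failed_license:
                alerts.append(("access_logs_after_license_failure", e["client"], e["ts"]))
    for client, n in log_hits.items():
        if n >= threshold and not is_allowed(client):
            alerts.append(("access_logs_from_unusual_source", client, n))
    return alerts
```

On a patched server the "license validation" message should be followed by a non-200 status, so the `access_logs_after_license_failure` rule is the one that distinguishes the bypass from an ordinary bad-license error.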