CVE-2024-12137
Published: 19 March 2025
Description
Adversaries may take control of preexisting sessions with remote services to move laterally in an environment.
Security Summary
CVE-2024-12137 is an Authentication Bypass by Capture-replay vulnerability in the Elfatek Elektronics ANKA JPD-00028 device, enabling session hijacking. This flaw affects ANKA JPD-00028 versions prior to V.01.01 and is rated with a CVSS v3.1 base score of 7.6 (AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H), mapped to CWE-294 (Authentication Bypass by Capture-replay).
An attacker with adjacent network access (AV:A) can exploit this vulnerability with low complexity (AC:L) and no required privileges (PR:N), though it necessitates user interaction (UI:R). Successful exploitation allows session hijacking, resulting in low confidentiality impact (C:L), high integrity impact (I:H), and high availability impact (A:H), potentially compromising the device's authentication mechanisms.
The Turkish National Cyber Incident Response Center (USOM) has issued an advisory on this issue at https://www.usom.gov.tr/bildirim/tr-25-0071, which security practitioners should consult for additional details on detection and response.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables capture-replay attacks resulting in session hijacking on the affected device, directly facilitating Remote Service Session Hijacking (T1563) by allowing replay of captured authentication data to take control of sessions.