CRITICAL🇵🇱 Wersja polska

CVE-2025-12478

CVSS 10.0v4.0pub. 2025-10-29upd. 2025-11-07

Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

🤖 AI Analysis
How it works

The vulnerability results from the use of TLS configuration in the devices that does not meet current security standards (CWE-326). This means that the cryptographic algorithms used, key lengths, or connection negotiation parameters are insufficient. A remote attacker, without authentication and without special prerequisites, may potentially conduct an attack on the device communication encryption layer. This results in exposure of confidentiality, integrity, and availability of both the device itself and systems associated with it.

Impact

An attacker may gain access to sensitive data transmitted by the device, manipulate communications, or disrupt the operation of the device and connected systems. The maximum CVSS score of 10.0 indicates full impact on confidentiality, integrity, and availability of both the device itself and surrounding systems.

Mitigation & patch

Security patches from the manufacturer should be applied in accordance with references published at https://azure-access.com/security-advisories. It is recommended to immediately update the firmware of BLU-IC2 and BLU-IC4 devices to a version higher than 1.19.5 as soon as it becomes available. Until the patch is deployed, it is recommended to isolate the devices on the network and restrict access to them exclusively to trusted network segments.

Who is affected

Azure-Access BLU-IC2 in all firmware versions up to and including 1.19.5, and Azure-Access BLU-IC4 in all firmware versions up to and including 1.19.5.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Azure Access Blu Ic2

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic2 Firmware

    OS
    Azure-Access
    < 1.20
  • Azure Access Blu Ic4

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic4 Firmware

    OS
    Azure-Access
    < 1.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-12600CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12601CRITICAL10.0PL ✓ten sam produkt

Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4

CVE-2025-12599CRITICAL10.0PL ✓ten sam produkt

Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12553CRITICAL10.0PL ✓ten sam produkt

Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4

CVE-2025-12515CRITICAL10.0PL ✓ten sam produkt

Systemiczne błędy wewnętrzne serwera (HTTP 500) w Azure-Access BLU-IC2 i BLU-IC4