How severe is CVE-2024-12054?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2024-12054?

This is classified as CWE-305, which is a common weakness in software security.

CVE-2024-12054 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely (proximal/adjacent with RF equipment or via pivot from J2497 telematics devices) call diagnostic functions intended for workshop or repair scenarios. This can impact system availability, potentially degrading performance or erasing software, however the vehicle remains in a safe vehicle state.

Related Vulnerabilities

CVE-2024-4784

MEDIUM

CVSS:5.4(Medium)

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a p...

CWE-3052024

CVE-2025-30428

MEDIUM

CVSS:5.4(Medium)

This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication.

CWE-3052025

CVE-2022-38064

MEDIUM

CVSS:5.5(Medium)

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information.

CWE-3052022

CVE-2022-38081

MEDIUM

CVSS:5.5(Medium)

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vul...

CWE-3052022

CVE-2023-27538

MEDIUM

CVSS:5.5(Medium)

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have pre...

CWE-3052023

CVE-2020-10123

MEDIUM

CVSS:5.3(Medium)

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with phys...

CWE-3052020