CVE-2024-6921: CWE-312 Cleartext Storage of Sensitive Information in NAC Telecommunication Systems Inc. NACPremium
CVE-2024-6921 is a high-severity vulnerability in NAC Telecommunication Systems Inc. 's NACPremium product that involves cleartext storage of sensitive information. This vulnerability allows an attacker with low privileges to retrieve embedded sensitive data without user interaction. The issue affects versions of NACPremium up to 01082024. There is no official patch or remediation level currently provided by the vendor, and no known exploits in the wild have been reported. The vulnerability is classified under CWE-312, indicating improper protection of sensitive data at rest.
AI Analysis
Technical Summary
CVE-2024-6921 describes a vulnerability in NACPremium where sensitive information is stored in cleartext, enabling unauthorized retrieval of embedded sensitive data. The vulnerability has a CVSS 4.0 base score of 8.7, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. The vendor has not yet provided an official fix or remediation guidance. This vulnerability affects NACPremium versions through 01082024 and is categorized under CWE-312 (Cleartext Storage of Sensitive Information).
Potential Impact
An attacker with low privileges can remotely retrieve sensitive information stored in cleartext within the NACPremium product. This exposure can lead to significant confidentiality, integrity, and availability impacts as indicated by the CVSS vector. No known exploits are currently reported in the wild, but the vulnerability poses a high risk if exploited.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, organizations should consider restricting access to affected NACPremium systems to trusted users only and monitor for any unusual access patterns to sensitive data. Avoid storing sensitive information in cleartext where possible and apply compensating controls such as encryption or access controls if feasible.
CVE-2024-6921: CWE-312 Cleartext Storage of Sensitive Information in NAC Telecommunication Systems Inc. NACPremium
Description
CVE-2024-6921 is a high-severity vulnerability in NAC Telecommunication Systems Inc. 's NACPremium product that involves cleartext storage of sensitive information. This vulnerability allows an attacker with low privileges to retrieve embedded sensitive data without user interaction. The issue affects versions of NACPremium up to 01082024. There is no official patch or remediation level currently provided by the vendor, and no known exploits in the wild have been reported. The vulnerability is classified under CWE-312, indicating improper protection of sensitive data at rest.
CVSS v4.0
Score 8.7high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-6921 describes a vulnerability in NACPremium where sensitive information is stored in cleartext, enabling unauthorized retrieval of embedded sensitive data. The vulnerability has a CVSS 4.0 base score of 8.7, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. The vendor has not yet provided an official fix or remediation guidance. This vulnerability affects NACPremium versions through 01082024 and is categorized under CWE-312 (Cleartext Storage of Sensitive Information).
Potential Impact
An attacker with low privileges can remotely retrieve sensitive information stored in cleartext within the NACPremium product. This exposure can lead to significant confidentiality, integrity, and availability impacts as indicated by the CVSS vector. No known exploits are currently reported in the wild, but the vulnerability poses a high risk if exploited.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, organizations should consider restricting access to affected NACPremium systems to trusted users only and monitor for any unusual access patterns to sensitive data. Avoid storing sensitive information in cleartext where possible and apply compensating controls such as encryption or access controls if feasible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- TR-CERT
- Date Reserved
- 2024-07-19T14:45:21.799Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2085e7e29bf47b50e5acf8
Added to database: 6/3/2026, 7:52:07 PM
Last enriched: 6/3/2026, 8:03:47 PM
Last updated: 6/4/2026, 4:57:50 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.