CVE-2024-42495: 
NixOS vulnerability analysis and mitigation

CVE-2024-42495 is a vulnerability discovered in Hughes Network Systems WL3000 Fusion Software versions prior to 2.7.0.10. The vulnerability involves credentials to access device configuration being transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data (CISA Advisory).

The vulnerability is classified as CWE-311 (Missing Encryption of Sensitive Data). It has received a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, and a CVSS v4.0 score of 7.1 (HIGH) with the vector string CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N (NVD).

The vulnerability allows unauthorized access to read-only network configuration information and terminal configuration data. This exposure of sensitive configuration data could potentially be used by attackers to gather intelligence about the system's setup and security measures (CISA Advisory).

Hughes Network Systems has released version 2.7.0.10 of the WL3000 Fusion Software to patch this vulnerability. The fix requires no action by the user. Organizations are advised to minimize network exposure for control system devices, ensure they are not accessible from the internet, and use secure methods like VPNs when remote access is required (CISA Advisory).