2N publishes first CVEs to enhance transparency and security

We have taken a significant step forward for the IP access control and intercom industry by publicly sharing information on product vulnerabilities.

By joining the CVE program (Common Vulnerabilities and Exposures) under the CNA account of our parent company AXIS, we are now able to publish CVEs that address identified vulnerabilities in our products. This commitment to transparency allows us to communicate openly about our product’s security and ensures our users are fully informed of needed updates.

What is the CVE Program?

While all software is subject to vulnerabilities, it’s usually only large, mature organizations that publicly address and resolve such vulnerabilities as part of a broader cybersecurity strategy. 2N are the first company from the IP access control industry to partake in the CVE program - which aims to identify, define, and catalogue publicly disclosed cybersecurity vulnerabilities. This plays a central role in the process of addressing and resolving issues.

CVEs are unique identifiers assigned to specific security vulnerabilities, providing a standardized and universally accepted reference for cybersecurity incidents across the globe. This not only allows both users and experts to track vulnerabilities effectively but also ensures swift and reliable information sharing about potential risks and how best to address them.

Stay up-to-date with the latest news. Subscribe to our newsletter.

2N releases the first three CVEs

In a proactive move to enhance cybersecurity, we recently disclosed vulnerabilities in the 2N Access Commander software, Version 3.1.1.2 and prior. These vulnerabilities were discovered and reported by the security research Team82 from Claroty. We have addressed these issues in the next release, 2N Access Commander 3.2, and strongly recommend that all users upgrade to this version, released on the 29th of October 2024.

The details of these vulnerabilities are described in the first three CVEs we published (currently through our parent company Axis) and can be found on our website. They are also publicly available on the U.S. Cybersecurity and Infrastructure Security Agency (CISA) website.

More transparency = empowered users

By joining the CVE program, 2N demonstrates transparency and provides customers with essential information to strengthen their cybersecurity measures.

Publicly disclosed CVEs empower users to make informed decisions about product updates, helping them keep their systems secure against potential threats. It’s a testament to our commitment to proactively supporting customers, communicating necessary updates, and addressing vulnerabilities head-on.

We sincerely appreciate Claroty’s Team82 for discovering and reporting these vulnerabilities.