CVE-2024-20323
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-20323 is a vulnerability affecting Cisco Intelligent Node (iNode) Software. An unauthenticated, remote attacker can exploit this issue by hijacking the TLS connection between Cisco iNode Manager and associated intelligent nodes. The vulnerability stems from the presence of hard-coded cryptographic material. In a man-in-the-middle scenario, an attacker can use the static cryptographic key to create a trusted certificate and impersonate an affected device. Successful exploitation enables an attacker to read sensitive data, modify node configurations, and cause a denial-of-service condition for connected devices.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.