CVE-2024-20323

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 17, 2024
Updated: Jul 18, 2024
CWE ID 321

Summary

CVE-2024-20323 is a vulnerability affecting Cisco Intelligent Node (iNode) Software. An unauthenticated, remote attacker can exploit this issue by hijacking the TLS connection between Cisco iNode Manager and associated intelligent nodes. The vulnerability stems from the presence of hard-coded cryptographic material. In a man-in-the-middle scenario, an attacker can use the static cryptographic key to create a trusted certificate and impersonate an affected device. Successful exploitation enables an attacker to read sensitive data, modify node configurations, and cause a denial-of-service condition for connected devices.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share