CVE-2024-20350

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 321

Summary

CVE-2024-20350 is a vulnerability found in the SSH server of Cisco Catalyst Center, which may allow unauthenticated remote attackers to impersonate the appliance. The issue arises from a static SSH host key, enabling attackers to conduct machine-in-the-middle attacks on SSH connections and intercept traffic between clients and the appliance. Successful exploitation can lead to command injection and theft of valid user credentials, posing a significant security risk. To mitigate this vulnerability, organizations are advised to update their Cisco Catalyst Center products as per the security advisory provided by Cisco. The vulnerability has a high severity rating with potential impacts on confidentiality, integrity, and availability of affected systems.
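A defender-side check for the condition described above, added here as an example and not taken from Cisco's advisory or this page: it groups `ssh-keyscan` / `known_hosts` lines by host key fingerprint so that distinct endpoints presenting an identical key stand out. It assumes a static host key shows up as the same key on more than one appliance; the host names and key blobs are constructed sample data.

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(text):
    """Return {fingerprint: [endpoints]} for keys seen on more than one endpoint."""
    groups = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @cert-authority/@revoked markers, short lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        endpoint, _keytype, blob = fields[:3]
        try:
            # "name,ip" aliases (or a hashed entry) count as ONE endpoint,
            # so a host listed under two names is not reported as key reuse.
            groups[fingerprint(blob)].add(endpoint)
        except ValueError:  # malformed base64: not a usable key line
            continue
    return {fp: sorted(eps) for fp, eps in groups.items() if len(eps) > 1}


def _blob(seed):
    # Constructed stand-in for a public-key blob; not a real key.
    return base64.b64encode(hashlib.sha256(seed).digest()).decode()


# Constructed sample input in ssh-keyscan output format.
SAMPLE = "\n".join([
    "# constructed ssh-keyscan output",
    "appliance-a.example.net,192.0.2.10 ssh-rsa " + _blob(b"static"),
    "appliance-b.example.net ssh-rsa " + _blob(b"static"),
    "jump-host.example.net ssh-rsa " + _blob(b"unique"),
    "broken.example.net ssh-rsa not*base64",
])

if __name__ == "__main__":
    for fp, endpoints in shared_host_keys(SAMPLE).items():
        print(f"{fp} shared by: {', '.join(endpoints)}")
```

A match only shows key reuse among the endpoints scanned; whether a given appliance is affected is determined by the product versions listed in Cisco's advisory.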
