CVE-2024-20489

CVSS 3.1 Score 8.4 of 10 (high)

Details

Published: Sep 11, 2024
Updated: Sep 12, 2024
CWE ID: 256

Summary

CVE-2024-20489 is a vulnerability in the storage method of the PON Controller configuration file affecting various devices running Cisco IOS XR Software, allowing authenticated local attackers with low privileges to access unencrypted MongoDB credentials. The flaw stems from improper credential storage on affected devices, enabling an attacker to exploit this oversight by accessing configuration files. If successfully exploited, the attacker could compromise both the confidentiality and integrity of sensitive information. Remediation involves securing the storage of database credentials and applying security updates as recommended by Cisco. The vulnerability is rated with a high severity score of 8.4, indicating significant risks for affected organizations.
