CVE-2024-28809
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-28809 is a newly disclosed vulnerability affecting Infinera's hiT 7300 5.60.50 firmware. The weakness is the cleartext storage of sensitive passwords in the firmware update packages. An attacker who gains access to these packages can extract the hardcoded credentials and use them to access various appliance services. This poses a significant risk, especially in environments where firmware updates are transmitted over unsecured channels. Organizations applying these updates should use secure methods to prevent unauthorized access to the packages and to protect their networks from potential attackers.