CVE-2024-41146
CVSS 3.1 Score 4.6 of 10 (medium)
Details
Summary
CVE-2024-41146: A new vulnerability affects Controller 6000 and Controller 7000 Platforms, where an attacker with physical access to HBUS communication cabling can trigger a Denial-of-Service (DoS) attack. This occurs due to the use of Multiple Resources with Duplicate Identifier (CWE-694). The vulnerable firmware versions include Controller 6000 and 7000, prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), and all versions of 8.80 and prior. To mitigate this issue, affected devices require a device reboot.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.