CVE-2024-41146

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Dec 12, 2024
CWE ID 694

Summary

CVE-2024-41146: A new vulnerability affects Controller 6000 and Controller 7000 Platforms, where an attacker with physical access to HBUS communication cabling can trigger a Denial-of-Service (DoS) attack. This occurs due to the use of Multiple Resources with Duplicate Identifier (CWE-694). The vulnerable firmware versions include Controller 6000 and 7000, prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), and all versions of 8.80 and prior. To mitigate this issue, affected devices require a device reboot.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share