CVE-2024-45823

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Sep 12, 2024
CWE ID 287

Summary

CVE-2024-45823 is an authentication bypass vulnerability affecting certain products from Rockwell Automation, which may allow an attacker to impersonate a user by exploiting shared secrets across accounts. This vulnerability poses a high risk, with potential impacts on confidentiality, integrity, and availability due to the ability of unauthorized users to gain access without proper credentials. The exploit requires no user interaction and can be executed over a network, making it particularly concerning for organizations relying on these affected products. To remediate this vulnerability, organizations should implement stricter account management practices and review their authentication mechanisms to eliminate shared secrets. Continuous monitoring and updates from security advisories are recommended to mitigate potential threats associated with this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share