CVE-2024-46943

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published: Sep 15, 2024
Updated: Sep 20, 2024
CWE ID 520

Summary

CVE-2024-46943 is a critical vulnerability found in OpenDaylight Authentication, Authorization, and Accounting (AAA) up to version 0.19.3, allowing a rogue controller to impersonate an offline peer within a cluster without needing complete configuration details. Affected products include various OpenDaylight implementations, specifically identified by code names such as 'yonWlz' and 'yoK7Bk'. The vulnerability poses significant risks as it can lead to high confidentiality and integrity impacts with no required user interaction or privileges, thus making exploitation straightforward over the network. To remediate this issue, organizations should upgrade to a patched version of OpenDaylight AAA that addresses this flaw. Further information can be found in relevant issue tracking and release notes provided by OpenDaylight resources.
