CVE-2024-46943
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2024-46943 is a critical vulnerability found in OpenDaylight Authentication, Authorization, and Accounting (AAA) up to version 0.19.3, allowing a rogue controller to impersonate an offline peer within a cluster without needing complete configuration details. Affected products include various OpenDaylight implementations, specifically identified by code names such as 'yonWlz' and 'yoK7Bk'. The vulnerability poses significant risks as it can lead to high confidentiality and integrity impacts with no required user interaction or privileges, thus making exploitation straightforward over the network. To remediate this issue, organizations should upgrade to a patched version of OpenDaylight AAA that addresses this flaw. Further information can be found in relevant issue tracking and release notes provided by OpenDaylight resources.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.