CVE-2024-53846
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-53846 is a vulnerability in the ssl application of OTP (Open Telecom Platform), the Erlang set of libraries. A regression introduced in OTP-25.3.2.8, OTP-26.2, and OTP-27.0 leads to incorrect peer verification during SSL handshakes. As a result, a server can verify a client whose certificate carries the server auth extended key usage, and vice versa, potentially enabling man-in-the-middle attacks. This vulnerability poses a significant security risk and should be addressed promptly by updating to the latest, non-affected version of OTP.