CVE-2024-6156

CVSS 3.1 Score 3.8 of 10 (low)

Details

Published Dec 6, 2024

Summary

CVE-2024-6156 is a vulnerability in LXD, Canonical's Linux container manager, affecting versions before 5.21.2. Mark Laing discovered that LXD's PKI mode could be bypassed if the client's certificate was present in the trust store. In PKI mode the server is meant to accept only client certificates issued by the configured CA; the trust store is the server-side list of client certificates, recorded by fingerprint, that are already trusted. Because a trust-store entry was sufficient on its own, a client whose certificate was in the trust store but had not been issued by the CA could still authenticate to the LXD API, defeating the stronger requirement PKI mode is supposed to impose. The exposure is limited to certificates that are already in the trust store, which is consistent with the low CVSS score; it does not involve a man-in-the-middle position. Upgrade LXD to version 5.21.2 or later.
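To make the two authentication orders concrete, here is an added example written for this page in Go, LXD's own language; it is not LXD's code, and the assumption that the bypass amounts to the trust-store lookup short-circuiting the CA check is made here to reproduce the behaviour the summary describes. Everything is constructed in memory: a CA, a CA-issued client `alice`, and a self-signed client `mallory` whose fingerprint has been placed in the trust store. The vulnerable path accepts `mallory`; the fixed path checks the CA signature first whenever PKI mode is enabled and rejects it, while still requiring a trust-store entry for `alice`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// fingerprint is the SHA-256 hex digest of the DER encoding, the key the toy trust store uses.
func fingerprint(cert *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(cert.Raw))
}

// mkCert issues a test certificate; with parent == nil it is self-signed (the CA, and the rogue client).
func mkCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // constructed serial, not a real issuance policy
		Subject:               pkix.Name{CommonName: cn},
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// signedByCA reports whether cert chains to ca and is valid for client authentication.
func signedByCA(cert, ca *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

type Server struct {
	CA         *x509.Certificate // PKI CA; nil when PKI mode is off
	TrustStore map[string]bool   // trusted client certificates, keyed by fingerprint
}

// authenticateVulnerable models the bypass as assumed here: a trust-store hit is accepted before PKI is evaluated.
func authenticateVulnerable(s Server, cert *x509.Certificate) bool {
	if s.TrustStore[fingerprint(cert)] {
		return true
	}
	return s.CA != nil && signedByCA(cert, s.CA)
}

// authenticateFixed enforces PKI first: with a CA configured, a certificate not issued by it is rejected outright.
func authenticateFixed(s Server, cert *x509.Certificate) bool {
	if s.CA != nil && !signedByCA(cert, s.CA) {
		return false
	}
	return s.TrustStore[fingerprint(cert)] // a trust-store entry is still required
}

// Demo builds the CA, a CA-issued client and a self-signed client in the trust store, and runs both paths.
func Demo() map[string]bool {
	ca, caKey := mkCert("example-ca", true, nil, nil)
	alice, _ := mkCert("alice", false, ca, caKey)
	mallory, _ := mkCert("mallory", false, nil, nil)
	s := Server{CA: ca, TrustStore: map[string]bool{fingerprint(alice): true, fingerprint(mallory): true}}
	return map[string]bool{
		"vulnerable/alice":   authenticateVulnerable(s, alice),
		"vulnerable/mallory": authenticateVulnerable(s, mallory), // true: the bypass
		"fixed/alice":        authenticateFixed(s, alice),
		"fixed/mallory":      authenticateFixed(s, mallory), // false: rejected
	}
}

func main() {
	for k, v := range Demo() {
		fmt.Printf("%-19s accepted=%v\n", k, v)
	}
}
```

The order of the two checks is the whole point: membership in the trust store answers "has this server been told to trust this certificate", while the CA check answers "was this certificate issued under the PKI the operator configured". In PKI mode the second question has to be asked first, otherwise any certificate that once made it into the trust store keeps working regardless of the CA.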
