CVE-2024-8207

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Aug 27, 2024
Updated: Aug 30, 2024
CWE ID 610
CWE ID 114

Summary

CVE-2024-8207 identifies a vulnerability in MongoDB Server versions 5.0 prior to 5.0.14 and 6.0 prior to 6.0.3 when deployed on Linux operating systems, allowing an attacker with local host access to load malicious shared libraries into the MongoDB server process, potentially leading to complete control over the server. This issue necessitates a specific configuration of both the host system and MongoDB binary installation, which makes it less common but still significant for affected environments. To remediate this vulnerability, organizations should upgrade their MongoDB servers to versions 5.0.14 or later and 6.0.3 or later as soon as possible. The potential impact is serious, with high integrity and confidentiality risks, assigning it a medium severity rating with a CVSS score of 6.4, indicating that it could lead to unauthorized access and manipulation of data if exploited effectively. Organizations are advised to assess their configurations and apply necessary updates promptly to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share