Cisco IOS XR Software Vulnerability Could Allow Access to MongoDB Credentials
CVE-2024-20489
8.4HIGH
Key Information
- Vendor
- Cisco
- Status
- Cisco iOS Xr Software
- Vendor
- CVE Published:
- 11 September 2024
Badges
👾 Exploit Exists
Summary
A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.
Affected Version(s)
Cisco IOS XR Software = 24.1.1
Cisco IOS XR Software = 24.2.1
Cisco IOS XR Software = 24.1.2
CVSS V3.1
Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
- 👾
Exploit exists.
Collectors
NVD DatabaseMitre Database