Products
Cisco IOS XR Software
Source
ykramarz@cisco.com
Tags
CVE-2024-20489 details
Published : Sept. 11, 2024, 5:15 p.m.
Last Modified : Sept. 11, 2024, 5:15 p.m.
Last Modified : Sept. 11, 2024, 5:15 p.m.
Description
A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.4 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-256 | Plaintext Storage of a Password | Storing a password in plaintext may result in a system compromise. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
8.4
Exploitability Score
2.0
Impact Score
5.8
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
References
| URL | Source |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL | ykramarz@cisco.com |
This website uses the NVD API, but is not approved or certified by it.