VDB

CVE-2024-20489

CVE-2024-20489 PUBLISHED CVSS 8.4 HIGH

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.

EPSS 0.10% · 27.2th percentile

Risk Scores

CVSS 3.1: 8.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS Score: 0.10% (27.2th percentile)

Affected Products

Vendor    Product                  Versions
cisco     ios_xr                   24.1.1, 24.2.11, 24.3.1
Cisco     Cisco IOS XR Software    24.2.1, 24.1.1, 24.1.2
cisco     ios_xr                   24.1.1, 24.1.2, 24.2.1

Exploit Intelligence

Timeline

  • Sep 11, 2024 CVE Published
  • Sep 11, 2024 CVE Updated
  • Sep 12, 2024 EPSS Score
  • Oct 2, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 22, 2024 EPSS Score
  • Nov 10, 2024 EPSS Score
  • Nov 30, 2024 EPSS Score
  • Dec 21, 2024 EPSS Score
  • Jan 10, 2025 EPSS Score
  • Jan 30, 2025 EPSS Score
  • Feb 18, 2025 EPSS Score