CVE-2023-1409

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 23, 2023

Updated: Sep 21, 2023

CWE ID 295

Summary

CVE-2023-1409 is a vulnerability affecting MongoDB Servers running on Windows and macOS. These servers, when configured to use TLS with certain settings that are secure on other platforms, may fail to enforce client certificate validation. Consequently, an untrusted client can establish a TLS connection with the server by providing an arbitrary certificate. MongoDB Servers version 6.3, 5.0.0 to 5.0.14, and all versions of 4.4 are susceptible to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

MongoDB

Affected Vendors

MongoDB Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sbpfJ8
https://www.cve.org/CVERecord?id=CVE-2023-1409
https://nvd.nist.gov/vuln/detail/CVE-2023-1409

Back to Vulnerability Database