CVE-2024-41909

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Aug 12, 2024

Updated: Aug 30, 2024

CWE ID 354

Summary

CVE-2024-41909 is a new vulnerability affecting Apache MINA SSHD, similar to CVE-2023-48795. An attacker intercepting traffic between client and server can manipulate packets, potentially disabling security features and downgrading connections. This issue affects both client and server, requiring upgrades to at least Apache MINA SSHD 2.12.0 for mitigation. Users must ensure both ends of their connection are updated to prevent potential Terrapin attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Mina

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xMbM83
https://www.cve.org/CVERecord?id=CVE-2024-41909
https://nvd.nist.gov/vuln/detail/CVE-2024-41909

Back to Vulnerability Database