CVE-2024-8655

Summary

CVE-2024-8655 identifies a vulnerability in Mercury MNVR816 versions up to 2.0.1.0.5, which allows unauthorized access to files or directories via the web-static component, potentially exploitable remotely. The severity is classified as medium, with a CVSS score of 5.3, indicating a low complexity attack that does not require authentication or user interaction. Affected products include yfytFu, yfytFv, yf0do_, yf0do-, yf0dpA, and yfytFw. Organizations are advised to remediate this vulnerability by applying any available patches or updates from the vendor; however, there has been no response from the vendor regarding this issue after being notified. The potential danger includes partial confidentiality breaches as attackers can access sensitive information through this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.