CVE-2024-20323

Severity: High (CVSS 3.1 base score 7.5)
EPSS: 9.3%
Published: Jul 17, 2024
Last Modified: Jun 17, 2026

Description

A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This vulnerability is due to the presence of hard-coded cryptographic material. An attacker in a man-in-the-middle position between Cisco iNode Manager and associated deployed nodes could exploit this vulnerability by using the static cryptographic key to generate a trusted certificate and impersonate an affected device. A successful exploit could allow the attacker to read data that is meant for a legitimate device, modify the startup configuration of an associated node, and, consequently, cause a denial of service (DoS) condition for downstream devices that are connected to the affected node.

CVSS Details

Base Score: 7.5
Exploitability: 2.2
Impact: 4.7
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: High
Availability: None

Threat Intelligence

EPSS Exploit Probability: 9.3% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 1

CWE-321

Affected Products 2

Vendor    Product          Version    Range
cisco     inode            *          <4.0.0
cisco     inode_manager    *          <24.1

References 1

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn (Vendor Advisory)

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.