CVE-2020-24719

Severity: CRITICAL | CVSS 9.8/10 | EPSS 23.30%

CVE-2020-24719 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An exposed Erlang cookie could lead to a Remote Command Execution (RCE) attack: communication between Erlang nodes is authenticated by exchanging a shared secret (aka "magic cookie"), so anyone holding the cookie can join the cluster as a peer node. EPSS estimates a 23.30% chance of exploitation in the next 30 days.

Description

An exposed Erlang cookie could lead to a Remote Command Execution (RCE) attack. Communication between Erlang nodes is authenticated by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker who obtains the cookie can use it to attach to an Erlang node and run OS-level commands on the system running that node. Affected version: 6.5.1. Fixed in version: 6.6.0.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
23.30% (97.5th percentile): probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor    | Product          | Versions
Couchbase | Couchbase Server | >= 6.5.1, < 6.6.0

References

Timeline

Published
Last Modified
Status
Modified


Source: NVD / NIST