cbcvebase.
CVE-2020-24719
published 2020-11-12

CVE-2020-24719: Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack.

Priority: P271 · critical · 9.8 (CVSS 3.1)
Vector: AV:N AC:L PR:N UI:N S:U C:H I:H A:H
EXPLOIT
EPSS: 23.30% (97.5th percentile)
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.

Affected

1 range

Vendor      Product            Version range        Fixed in
couchbase   couchbase_server   >= 6.5.1 < 6.6.0     6.6.0

Detection & IOCs (extracted from sources)

filename: .erlang.cookie
  • Monitor logs for exposed Erlang magic cookie values. The cookie is the only secret gating Erlang distribution: an attacker who reads it from log content can attach to the node as a peer and execute OS-level commands (for example via os:cmd/1) with the privileges of the Couchbase process.
  • Monitor for unexpected connections to the Erlang Port Mapper Daemon (EPMD, TCP 4369). EPMD maps node names to the listening ports of distributed Erlang instances; an attacker holding the cookie first queries EPMD for the node's distribution port and then completes the cookie-based handshake, so EPMD is the entry point for this RCE.
  • Affected version is 6.5.1; the fix is included in version 6.6.0. Ensure systems are patched to 6.6.0 or later to prevent cookie exposure in logs. Patching does not revoke a cookie that has already been written to shipped or archived logs, so treat a logged cookie as compromised and rotate it.
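The first two checks above reduce to a small, repeatable hunt: compare the node's Couchbase version against the advisory's range, verify the cookie file is not readable by anyone but its owner, and scan log content for the cookie value. The script below is an added example written for this page, not Couchbase's or Erlang's own code. The ns_server-style log lines and the cookie value in it are constructed; the fallback regex assumes the shape Erlang gives auto-generated cookies (20 upper-case letters), which may not hold for a cookie set by the deployment. Findings are redacted so the hunt itself does not re-leak the secret.

```python
"""Hunt for an Erlang magic cookie leaked into logs (CVE-2020-24719 class of issue).

Added example, not Couchbase or Erlang code. SAMPLE_LOG and SAMPLE_COOKIE are
constructed; COOKIE_SHAPE assumes Erlang's default 20-upper-case-letter cookie,
an assumption about the deployment rather than a documented Couchbase format.
"""
import re
import stat

AFFECTED_MIN = (6, 5, 1)   # first affected release per the advisory
FIXED = (6, 6, 0)          # fix version per the advisory

# Constructed sample: three ns_server-style lines, one of which embeds the cookie.
SAMPLE_COOKIE = "QPLUXQNHOWMSJFJSRAXN"
SAMPLE_LOG = [
    "[ns_server:info,2020-10-01T10:00:00.000Z,ns_1@10.0.0.5:<0.1.0>] node started",
    "[ns_server:debug,2020-10-01T10:00:01.000Z,ns_1@10.0.0.5:<0.1.0>] "
    "config: {otp, [{cookie, 'QPLUXQNHOWMSJFJSRAXN'}]}",
    "[ns_server:info,2020-10-01T10:00:02.000Z,ns_1@10.0.0.5:<0.1.0>] cluster compat mode 6.5",
]

# Heuristic (assumption): the word 'cookie' followed within a few characters by a
# 20-letter upper-case token, the shape Erlang generates for a default cookie.
COOKIE_SHAPE = re.compile(r"cookie\W{0,12}([A-Z]{20})\b")


def parse_version(text):
    """'6.5.1-6299' -> (6, 5, 1); a build suffix after '-' is ignored."""
    return tuple(int(p) for p in text.split("-")[0].split("."))


def is_affected(version):
    """True when version lies in the advisory's range >= 6.5.1 and < 6.6.0."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def cookie_file_mode_ok(st_mode):
    """Erlang rejects a cookie file with any group/other bits set; expect 0400."""
    return stat.S_IMODE(st_mode) & 0o077 == 0


def redact(line, secret):
    """Mask all but the first two characters of the secret before reporting it."""
    return line.replace(secret, secret[:2] + "*" * (len(secret) - 2))


def find_cookie_leaks(log_lines, known_cookie=None):
    """Return (line_no, redacted_line) for every line that exposes a cookie.

    With the node's own cookie in hand, search for it literally (the reliable
    check); without it, fall back to the COOKIE_SHAPE heuristic.
    """
    hits = []
    for no, line in enumerate(log_lines, 1):
        if known_cookie is not None:
            if known_cookie in line:
                hits.append((no, redact(line, known_cookie)))
        else:
            m = COOKIE_SHAPE.search(line)
            if m:
                hits.append((no, redact(line, m.group(1))))
    return hits


if __name__ == "__main__":
    print("6.5.1 affected:", is_affected("6.5.1"), "| 6.6.0 affected:", is_affected("6.6.0"))
    print("mode 0400 ok:", cookie_file_mode_ok(0o100400), "| mode 0644 ok:", cookie_file_mode_ok(0o100644))
    # In a real hunt, read the cookie from ~/.erlang.cookie of the Couchbase user
    # (after checking its mode with os.stat) and stream the real log files here.
    for no, text in find_cookie_leaks(SAMPLE_LOG, SAMPLE_COOKIE):
        print(f"line {no}: {text}")
```

Run it against the real files by replacing SAMPLE_COOKIE with the contents of the Couchbase user's `.erlang.cookie` and SAMPLE_LOG with the node's log lines; the literal search is the check to trust, and the regex fallback exists only for cases where you are scanning logs shipped from a node whose cookie you do not hold.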

CVSS provenance

nvd   v3.1   9.8    CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd   v2.0   10.0   CRITICAL   AV:N/AC:L/Au:N/C:C/I:C/A:C