CVE-2020-24719

CWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
62.7%
top 1.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Couchbase Couchbase Server
Timeline
PublishedNov 12
Latest updateMay 24

Description

Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDcouchbase/couchbase_server6.5.16.6.0

🔴Vulnerability Details

2
GHSA
GHSA-gvjj-4rcj-mxhw: Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack2022-05-24
CVEList
CVE-2020-24719: Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack2020-11-12
CVE-2020-24719 (CRITICAL CVSS 9.8) | Exposed Erlang Cookie could lead to | cvebase.io