How severe is CVE-2024-41909?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-41909?

This is classified as CWE-354, which is a common weakness in software security.

CVE-2024-41909

MEDIUM Year: 2024

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-354

View all →

Vulnerability Description

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.

CVE-2016-15028

MEDIUM

CVSS:5.9(Medium)

A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component ...

CWE-3542016

CVE-2018-1000159

MEDIUM

CVSS:5.9(Medium)

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslit...

CWE-3542018

CVE-2019-1166

MEDIUM

CVSS:5.9(Medium)

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vu...

CWE-3542019

CVE-2023-23119

MEDIUM

CVSS:5.9(Medium)

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modificat...

CWE-3542023

CVE-2023-23120

MEDIUM

CVSS:5.9(Medium)

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware ...

CWE-3542023

CVE-2023-34459

MEDIUM

CVSS:5.9(Medium)

OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `procesprocessMultiPr...

CWE-3542023

CVE-2024-41909

Vulnerability Description

Related Vulnerabilities

CVE-2016-15028

CVE-2018-1000159

CVE-2019-1166

CVE-2023-23119

CVE-2023-23120

CVE-2023-34459