CRITICAL · 9.8

CVE-2020-24719

Vulnerability Description

An exposed Erlang cookie could lead to a Remote Command Execution (RCE) attack. Communication between Erlang nodes is authenticated with a shared secret (the "magic cookie"). In some cases the magic cookie is included in the content of the logs. An attacker who obtains the cookie can use it to attach to an Erlang node and run OS-level commands on the system running that node. Affected version: 6.5.1. Fixed version: 6.6.0.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor: Couchbase
Product: Couchbase Server
Versions: >= 6.5.1, < 6.6.0

References

FAQ

What is CVE-2020-24719?

CVE-2020-24719 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An exposed Erlang cookie could lead to a Remote Command Execution (RCE) attack. Communication between Erlang nodes is authenticated with a shared secret (the "magic cookie"). In some cases the magic cookie is included in the content of the logs.

How severe is CVE-2020-24719?

CVE-2020-24719 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-24719?

Check the references section above for vendor advisories and patch information. Affected products include: Couchbase Couchbase Server.