Vulnerability Description
Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x
Related Weaknesses (CWE)
References
- https://csirt.divd.nl/CVE-2024-21881
- https://csirt.divd.nl/DIVD-2024-00011
- https://enphase.com/cybersecurity/advisories/ensa-2024-6
FAQ
What is CVE-2024-21881?
CVE-2024-21881 is a documented vulnerability. Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x
How severe is CVE-2024-21881?
CVSS scoring is not yet available for CVE-2024-21881. Check NVD for updates.
Is there a patch for CVE-2024-21881?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.