Vulnerability Description
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Anbox Cloud | >= 1.17.0, < 1.23.1 |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/anbox-cloud/+bug/2077570 (Vendor Advisory)
- https://discourse.ubuntu.com/t/anbox-cloud-1-23-1-has-been-released/48141 (Release Notes)
- https://www.cve.org/CVERecord?id=CVE-2024-8287 (Third Party Advisory)
FAQ
What is CVE-2024-8287?
CVE-2024-8287 is a vulnerability with a CVSS score of 7.5 (HIGH). Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox...
How severe is CVE-2024-8287?
CVE-2024-8287 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-8287?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Anbox Cloud.