Unrated severityNVD Advisory· Published Sep 18, 2024· Updated Sep 19, 2024

CVE-2024-8287

Description

Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.

Affected products

Anbox/Anbox Management Servicellm-create
Range: >=1.17.0 <=1.23.0
Canonical Ltd./Anbox Cloudv5
Range: 1.17.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

discourse.ubuntu.com/t/anbox-cloud-1-23-1-has-been-released/48141mitrevendor-advisory
bugs.launchpad.net/anbox-cloud/+bug/2077570mitreissue-tracking
www.cve.org/CVERecordmitreissue-tracking

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000