Cyber Resilience

CVE-2024-41909

Medium

Published: 12 August 2024

Published
12 August 2024
Modified
27 March 2025
KEV Added
Patch
CVSS Score v3.1 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0064 71.0th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-41909 is a medium-severity Improper Validation of Integrity Check Value (CWE-354) vulnerability in Apache Mina Sshd. Its CVSS base score is 5.9 (Medium).

Operationally, ranked in the top 29.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and…

more

server to consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apache
mina sshd
≤ 2.11.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-354

Proper validation of integrity check values is required for reliable tamper detection, directly reducing undetected modification risks.

addresses: CWE-354

Requires validation of integrity check values on every resolution response, directly mitigating tampered or corrupted DNS data.

addresses: CWE-354

Control mandates proper validation of integrity values (checksums) on prepared data, making flawed validation of those checks ineffective for attackers.

addresses: CWE-354

Requires use of proper integrity verification tools, reducing the chance an incorrect check value is accepted.

addresses: CWE-354

Requires proper validation of integrity mechanisms, directly mitigating flawed check-value handling.

References