Cyber Posture

CVE-2024-57854

Severity: Critical
Published: 05 March 2026
Modified: 09 March 2026
KEV Added: not listed
Patch: available (see references)
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0001 (2.6th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57854 is a critical-severity vulnerability in the Perl module Net::NSCA::Client (CPAN author DOUGDUDE), classified as CWE-338, Use of Cryptographically Weak Random Number Generator. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 2.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SC-13 (Cryptographic Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: directly requires timely remediation of software flaws like the weak RNG in Net::NSCA::Client, via patching or upgrading to fixed versions.

Prevent (SC-13, Cryptographic Protection): mandates use of cryptographic mechanisms meeting organizational requirements, preventing deployment of a weak RNG for initialization vectors in NSCA packets.

Detect (RA-5, Vulnerability Monitoring and Scanning): requires vulnerability scanning to identify and prioritize cryptographic weaknesses such as CVE-2024-57854 in deployed Perl modules.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1557 Adversary-in-the-Middle (Credential Access): Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

T1565.002 Transmitted Data Manipulation (Impact): Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

Network-exploitable weak IV prediction directly enables public app exploitation, MITM forgery, and transmitted data manipulation via NSCA packet injection.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.

Deeper analysis

CVE-2024-57854 is a vulnerability in Net::NSCA::Client versions through 0.009002 for Perl, stemming from the use of a poor random number generator for initialization vectors in initial packets. Starting with version v0.003, the module switched from Crypt::Random to Data::Rand::Obscure, which depends on Perl's built-in rand() function that is not cryptographically secure. This issue falls under CWE-338 (Use of Cryptographically Weak Random Number Generator) and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

The vulnerability enables network-based exploitation with low attack complexity, requiring no privileges, user interaction, or scope changes. Attackers can achieve high impacts on confidentiality and integrity, potentially by predicting or forging initialization vectors in NSCA packets sent by the client.

Mitigation details appear in available references, including a patch in pull request 2 at https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch and an announcement on the oss-security mailing list at http://www.openwall.com/lists/oss-security/2026/03/05/1. The vulnerable code is visible in the source at https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119; practitioners should apply the patch or upgrade to a fixed version.
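The weakness described above, illustrated as an added example that is not the module's own code and not the fix from pull request 2: the weak form builds a transmission IV from Perl's rand(), which is what the NVD description says Data::Rand::Obscure does under the hood, while the hardened form draws the same bytes from the operating system's CSPRNG via Crypt::URandom (chosen here as the replacement; the advisory itself only names Crypt::Random as the earlier source). The 128-byte IV length is an assumption about the NSCA protocol, and the function names are illustrative.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::URandom qw(urandom);   # CPAN module wrapping the OS CSPRNG

# NSCA transmission IV length; an assumption about the protocol, not a
# value taken from the advisory.
use constant IV_LENGTH => 128;

# Weak form (CWE-338): every byte comes from Perl's rand(), a
# deterministic PRNG seeded with little entropy.  Kept only to show what
# the fix replaces; an IV built this way must not be sent on the wire.
sub weak_iv {
    return pack('C*', map { int(rand(256)) } 1 .. IV_LENGTH);
}

# Hardened form: bytes come from the operating system's CSPRNG
# (/dev/urandom, getrandom(2) or the Windows equivalent).  urandom()
# dies if the source is unavailable rather than falling back silently.
sub secure_iv {
    my $iv = urandom(IV_LENGTH);
    die "CSPRNG returned a short IV" unless length($iv) == IV_LENGTH;
    return $iv;
}

# Structural sanity check: correct length and no repeat across calls.
# Note that weak_iv() passes this too; output-level tests cannot tell a
# predictable PRNG from a CSPRNG, which is why the fix is the source of
# the bytes, not a test on them.
sub check_iv_generator {
    my ($gen) = @_;
    my ($first, $second) = ($gen->(), $gen->());
    return length($first) == IV_LENGTH
        && length($second) == IV_LENGTH
        && $first ne $second;
}

printf "secure_iv: %s\n", check_iv_generator(\&secure_iv) ? "ok" : "FAILED";
```

The point of check_iv_generator() is what it cannot do: both generators produce 128 distinct-looking bytes, so a code reviewer looking for this class of defect has to inspect where the bytes come from (rand(), Data::Rand::Obscure, or a CSPRNG wrapper), not how they look.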

Details

CWE(s): CWE-338 (Use of Cryptographically Weak Random Number Generator)

Affected Products: DOUGDUDE Net::NSCA::Client for Perl, versions through 0.009002

CVEs Like This One

CVE-2025-66630 (shared CWE-338)
CVE-2025-40905 (shared CWE-338)
CVE-2024-58041 (shared CWE-338)
CVE-2025-15578 (shared CWE-338)
CVE-2026-25726 (shared CWE-338)
CVE-2026-6659 (shared CWE-338)
CVE-2024-40762 (shared CWE-338)
CVE-2026-5088 (shared CWE-338)
CVE-2025-40920 (shared CWE-338)
CVE-2026-5087 (shared CWE-338)
