Skip to main content

Ubuntu CVE-2024-6174

| EUVDEUVD-2024-54707 HIGH
Improper Authentication (CWE-287)
2025-06-26 security@ubuntu.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
qualitative
SUSE
HIGH
qualitative
Red Hat
8.8 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 23:54 euvd
EUVD-2024-54707
Analysis Generated
Mar 15, 2026 - 23:54 vuln.today
CVE Published
Jun 26, 2025 - 10:15 nvd
HIGH 8.8

DescriptionCVE.org

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

Analysis

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

Technical ContextAI

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).

RemediationAI

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Vendor StatusVendor

Ubuntu

Priority: Medium
cloud-init
Release Status Version
mantic ignored end of life, was needs-triage
upstream released 25.1.3
oracular ignored end of life, was needed
bionic released 23.1.2-0ubuntu0~18.04.1+esm1
focal released 24.4.1-0ubuntu0~20.04.3+esm1
jammy released 25.1.4-0ubuntu0~22.04.1
noble released 25.1.4-0ubuntu0~24.04.1
plucky released 25.1.4-0ubuntu0~25.04.1
xenial released 21.1-19-gbad84ad4-0ubuntu1~16.04.4+esm2
trusty DNE -

Debian

Bug #1108403
cloud-init
Release Status Fixed Version Urgency
bullseye vulnerable 20.4.1-2+deb11u1 -
bookworm fixed 22.4.2-1+deb12u3 -
trixie fixed 25.1.4-1+deb13u1 -
forky, sid fixed 25.3-2 -
(unstable) fixed 25.1.4-1 -

SUSE

Severity: High
Product Status
Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected
Image SLES-Azure-3P Image SLES-Azure-Basic Image SLES-Azure-Standard Image SLES-BYOS-Azure Image SLES-BYOS-EC2 Image SLES-CHOST-BYOS-Aliyun Image SLES-CHOST-BYOS-Azure Image SLES-CHOST-BYOS-EC2 Image SLES-CHOST-BYOS-GDC Image SLES-CHOST-BYOS-SAP-CCloud Image SLES-EC2 Image SLES-Hardened-BYOS-Azure Image SLES-Hardened-BYOS-EC2 Image SLES-SAP-Azure Image SLES-SAP-Azure-3P Image SLES-SAP-BYOS-Azure Image SLES-SAP-BYOS-EC2 Image SLES-SAPCAL-Azure Image SLES-SAPCAL-EC2 Affected
SUSE Liberty Linux 8 Fixed
SUSE Liberty Linux 9 Fixed
SUSE Linux Enterprise Server 16.0 Fixed

Share

CVE-2024-6174 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy