How to fix EUVD-2024-54707?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Audit authentication configurations and rotate any potentially compromised credentials.

Is Ubuntu affected by EUVD-2024-54707?

Organizations using When a non-x86 platform face significant risk from CVE-2024-6174, a improper authentication vulnerability rated CVSS 8.8. Attackers could bypass security controls to gain unauthorized access to protected resources and sensitive data.

EUVD-2024-54707

| CVE-2024-6174 HIGH

2025-06-26 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 15, 2026 - 23:54 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 23:54 euvd

EUVD-2024-54707

CVE Published

Jun 26, 2025 - 10:15 nvd

HIGH 8.8

Description

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

Analysis

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

Technical Context

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).

Affected Products

Affected products: Canonical Cloud-Init

Remediation

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: 0

Vendor Status

Ubuntu

Priority: Medium

cloud-init

Release	Status	Version
mantic	ignored	end of life, was needs-triage
upstream	released	25.1.3
oracular	ignored	end of life, was needed
bionic	released	23.1.2-0ubuntu0~18.04.1+esm1
focal	released	24.4.1-0ubuntu0~20.04.3+esm1
jammy	released	25.1.4-0ubuntu0~22.04.1
noble	released	25.1.4-0ubuntu0~24.04.1
plucky	released	25.1.4-0ubuntu0~25.04.1
xenial	released	21.1-19-gbad84ad4-0ubuntu1~16.04.4+esm2
trusty	DNE	-

USN-7677-1

Debian

Bug #1108403

cloud-init

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	20.4.1-2+deb11u1	-
bookworm	fixed	22.4.2-1+deb12u3	-
trixie	fixed	25.1.4-1+deb13u1	-
forky, sid	fixed	25.3-2	-
(unstable)	fixed	25.1.4-1	-

EUVD-2024-54707 vulnerability details – vuln.today

Back

EUVD-2024-54707

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2024-54707

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code