CVE-2024-10921

6.8 MEDIUM

📋 TL;DR

An authenticated MongoDB user can cause server crashes or read unauthorized memory contents by sending specially crafted requests with malformed BSON. This affects MongoDB Server versions 5.0 before 5.0.30, 6.0 before 6.0.19, 7.0 before 7.0.15, and 8.0 up to 8.0.2.

💻 Affected Systems

Products:
  • MongoDB Server
Versions: 5.0.x < 5.0.30, 6.0.x < 6.0.19, 7.0.x < 7.0.15, 8.0.x <= 8.0.2
Operating Systems: All platforms running affected MongoDB versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to MongoDB instance. All deployments with affected versions are vulnerable regardless of configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure of sensitive server memory contents leading to credential theft or data leakage, combined with denial of service through server crashes.

🟠 Likely Case

Server crashes causing temporary denial of service, potentially disrupting database operations and applications.

🟢 If Mitigated

Limited impact with proper authentication controls and network segmentation, though authenticated users could still cause disruptions.

🌐 Internet-Facing: MEDIUM - Requires authentication but internet-facing instances could be targeted by attackers with stolen credentials.
🏢 Internal Only: MEDIUM - Authenticated internal users could exploit this, but network segmentation reduces external attack surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM - Requires understanding of BSON structure and authenticated access.

Exploitation requires authenticated access and knowledge of BSON manipulation. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.30, 6.0.19, 7.0.15, 8.0.3

Vendor Advisory: https://jira.mongodb.org/browse/SERVER-96419

Restart Required: Yes

Instructions:

1. Download the patched version from the MongoDB website.
2. Stop the MongoDB service.
3. Back up data and configuration.
4. Install the patched version.
5. Restart the MongoDB service.
6. Verify the version and functionality.

🔧 Temporary Workarounds

Restrict User Privileges (platform: all)

Limit authenticated users to the minimal privileges they need, to reduce the attack surface.

db.updateUser('username', {roles: [{'role': 'read', 'db': 'database'}]})

Note: the roles array passed to db.updateUser() replaces the user's existing roles rather than adding to them, so list every role the user should keep.

Network Access Controls (platform: linux)

Implement strict network segmentation and firewall rules to limit MongoDB access.

iptables -A INPUT -p tcp --dport 27017 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 27017 -j DROP

Replace trusted_ip with the client address or CIDR that needs access, and keep the ACCEPT rule before the DROP rule, since iptables evaluates rules in order.

🧯 If You Can't Patch

  • Implement strict authentication and authorization controls to limit user access
  • Deploy network segmentation and firewall rules to restrict MongoDB access to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Connect to MongoDB (for example with mongosh) and run db.version(); compare the result against the affected ranges listed above.

Check Version:

db.version()

Verify Fix Applied:

After patching, run db.version() again and confirm the version is at or above the fixed release for its line: 5.0.30, 6.0.19, 7.0.15, or 8.0.3.
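As an added example (not from the advisory or from MongoDB), the same range check as a small function that can be pasted into mongosh or run under Node to classify any version string; it assumes db.version() returns a plain major.minor.patch string, and it treats release lines the advisory does not list as not affected.

```javascript
// Added example: checks a MongoDB server version string against the
// affected ranges for CVE-2024-10921. Not part of the advisory or of MongoDB.
// Assumes a "major.minor.patch" string such as db.version() returns;
// a pre-release suffix like "-rc0" is ignored for the comparison.

// First fixed release for each affected major.minor line (from the advisory).
const FIXED_VERSIONS = {
  '5.0': '5.0.30',
  '6.0': '6.0.19',
  '7.0': '7.0.15',
  '8.0': '8.0.3',
};

// Parse "7.0.14" (or "8.0.0-rc0") into [7, 0, 14].
function parseVersion(s) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(s).trim());
  if (!m) throw new Error(`unrecognised version string: ${s}`);
  return m.slice(1, 4).map(Number);
}

// Component-wise comparison: -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns { affected, fixedIn }; fixedIn is null for lines the advisory
// does not list (e.g. 4.4), which are reported as not affected.
function checkCve202410921(versionString) {
  const v = parseVersion(versionString);
  const fixed = FIXED_VERSIONS[`${v[0]}.${v[1]}`];
  if (!fixed) return { affected: false, fixedIn: null };
  return {
    affected: compareVersions(v, parseVersion(fixed)) < 0,
    fixedIn: fixed,
  };
}

// When pasted into mongosh, check the connected server directly.
if (typeof db !== 'undefined') {
  console.log(checkCve202410921(db.version()));
}
```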

📡 Detection & Monitoring

Log Indicators:

  • Unexpected server crashes/restarts
  • Authentication logs showing unusual user activity
  • Error logs containing BSON parsing failures

Network Indicators:

  • Unusual patterns of authenticated requests to MongoDB
  • Multiple connection attempts with malformed data

SIEM Query:

source="mongodb.log" AND ("crash" OR "restart" OR ("BSON" AND "error"))
