CVE-2024-8207

6.4 MEDIUM

📋 TL;DR

This vulnerability allows an attacker with host-level access on Linux systems to manipulate MongoDB server startup to load malicious shared libraries, potentially gaining full control over the MongoDB process. It affects MongoDB Server v5.0 before 5.0.14 and v6.0 before 6.0.3, specifically in certain Linux configurations.

💻 Affected Systems

Products:
  • MongoDB Server
Versions: v5.0 prior to 5.0.14, v6.0 prior to 6.0.3
Operating Systems: Linux
Default Config Vulnerable: ✅ No
Notes: Only affects highly specific configurations on Linux; not all Linux installations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full compromise of the MongoDB server process, enabling unauthorized data access, modification, or deletion, and potential lateral movement within the network.

🟠 Likely Case

Local privilege escalation or unauthorized control over MongoDB operations by an attacker with existing host access, leading to data breaches or service disruption.

🟢 If Mitigated

Limited impact if proper access controls and patching are in place, reducing the attack surface to trusted users only.

🌐 Internet-Facing: LOW, as exploitation requires host-level access, making remote attacks unlikely without prior compromise.
🏢 Internal Only: MEDIUM, as internal attackers with host access could exploit this, but it depends on specific configurations and access controls.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires host-level access and specific conditions, making it less trivial but feasible for skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.0.14 or v6.0.3

Vendor Advisory: https://jira.mongodb.org/browse/SERVER-69507

Restart Required: Yes

Instructions:

1. Identify your MongoDB version.
2. Upgrade to v5.0.14 or v6.0.3 using official MongoDB packages.
3. Restart the MongoDB service to apply the patch.

🔧 Temporary Workarounds

Restrict Host Access


Limit host-level access to trusted users only to reduce the attack surface.

Use access control lists (ACLs) and user permissions to restrict login access.

Secure Shared Library Paths


Ensure shared library paths are secure and not writable by unauthorized users.

chmod 755 /usr/lib /lib; chown root:root /usr/lib /lib
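A check to go with the workaround above, added here as an example and not taken from the advisory or from MongoDB: it walks a colon-separated shared-library search path and reports any directory that is group- or world-writable, which is exactly the permission state the chmod/chown line removes. The directory list in the final block (standard loader directories plus LD_LIBRARY_PATH) is an assumption about a typical Linux layout; adjust it to the paths your mongod actually resolves libraries from.

```shell
#!/bin/sh
# Added example (not part of the advisory): list directories on a
# colon-separated library search path that are group- or world-writable.
# A writable directory on the loader's search path is what lets a
# non-root local user plant a library for mongod to load at startup.

# True (exit 0) when the directory's mode has the group- or other-write bit.
# Uses `ls -ld` so only POSIX tools are needed (no GNU stat/find).
dir_is_group_or_world_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;   # position 6 = group w, 9 = other w
        *) return 1 ;;
    esac
}

# Print each existing directory in the colon-separated list $1 that is
# group- or world-writable. Exit 0 when at least one was found, 1 when none.
writable_lib_dirs() {
    found=1
    old_ifs=$IFS
    IFS=:
    for d in $1; do
        [ -n "$d" ] && [ -d "$d" ] || continue   # skip empty/missing entries
        if dir_is_group_or_world_writable "$d"; then
            printf '%s\n' "$d"
            found=0
        fi
    done
    IFS=$old_ifs
    return $found
}

# Assumed search path: standard loader directories plus LD_LIBRARY_PATH.
if writable_lib_dirs "/lib:/usr/lib:/lib64:/usr/lib64:/usr/local/lib:${LD_LIBRARY_PATH:-}"; then
    echo "WARNING: the directories above are group- or world-writable"
else
    echo "No group- or world-writable library directories found"
fi
```

The check looks only at the directories themselves, matching the non-recursive `chmod 755` above; a writable file inside a well-permissioned directory is a separate concern and is not reported.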

🧯 If You Can't Patch

  • Implement strict access controls to limit who can access the host system.
  • Monitor for unusual activity or unauthorized library loading attempts on the server.

🔍 How to Verify

Check if Vulnerable:

Check the MongoDB version and operating system; a v5.0 release before 5.0.14 or a v6.0 release before 6.0.3 running on Linux may be vulnerable.

Check Version:

mongod --version

Verify Fix Applied:

After patching, confirm the version is v5.0.14 or v6.0.3 and restart the service.
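The version check above, scripted so it can run across a fleet, added as an example that is not part of the advisory: it pulls the `db version vX.Y.Z` line out of `mongod --version` output and tests it against the affected ranges (v5.0 before 5.0.14, v6.0 before 6.0.3). SAMPLE_OUTPUT is a constructed stand-in for a real `mongod --version` print-out and is used only when no mongod binary is on the PATH.

```shell
#!/bin/sh
# Added example (not part of the advisory): decide whether a mongod build
# falls in a CVE-2024-8207 affected range from its `mongod --version` output.

# Constructed sample of `mongod --version` output (first line is what matters).
SAMPLE_OUTPUT='db version v5.0.13
Build Info: {
    "version": "5.0.13",
    "modules": []
}'

# Extract X.Y.Z from the first "db version vX.Y.Z" line.
mongod_version_from_output() {
    printf '%s\n' "$1" \
        | sed -n 's/^db version v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' \
        | head -n 1
}

# Exit 0 when X.Y.Z is in an affected range (5.0.x with x < 14, 6.0.x with
# x < 3), 1 when it is not, 2 when $1 is not a three-part numeric version.
cve_2024_8207_affected() {
    ver=$1
    case "$ver" in
        *[!0-9.]*|*.*.*.*|*..*|.*|*.) return 2 ;;   # non-numeric, too many or empty parts
        *.*.*) ;;                                  # exactly three parts
        *) return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    case "$major.$minor" in
        5.0) [ "$patch" -lt 14 ] ;;
        6.0) [ "$patch" -lt 3 ] ;;
        *) return 1 ;;
    esac
}

# One-line verdict for a given `mongod --version` output; exit 0 if affected.
cve_2024_8207_report() {
    ver=$(mongod_version_from_output "$1")
    [ -n "$ver" ] || { echo "could not find a db version line"; return 2; }
    if cve_2024_8207_affected "$ver"; then
        echo "mongod $ver: AFFECTED by CVE-2024-8207 (upgrade to 5.0.14 / 6.0.3 or later)"
        return 0
    fi
    echo "mongod $ver: not in an affected range"
    return 1
}

# Use the real binary when present, otherwise the constructed sample.
if command -v mongod >/dev/null 2>&1; then
    cve_2024_8207_report "$(mongod --version)"
else
    cve_2024_8207_report "$SAMPLE_OUTPUT"
fi
```

Run it after the upgrade as well: once the package reports 5.0.14 or 6.0.3 the script returns non-zero, which is the "fix applied" confirmation the step above asks for (the service still needs its restart for the new binary to be the one running).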

📡 Detection & Monitoring

Log Indicators:

  • Unusual library loading events in system logs
  • Failed or unexpected MongoDB startup attempts

Network Indicators:

  • None specific, as this is a local exploit

SIEM Query:

Search for events related to MongoDB process startup or shared library loading from untrusted sources.

🔗 References
