CVE-2024-23940

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 29, 2024

Updated: Feb 6, 2024

CWE ID 427

Summary

CVE-2024-23940 is a newly disclosed vulnerability affecting Trend Micro's uiAirSupport component, included in their Security 2023 family of consumer products, versions 6.0.2092 and below. This issue involves DLL hijacking and proxying, enabling an attacker to impersonate and manipulate a library, resulting in the execution of arbitrary code on the compromised system. Successful exploitation of this vulnerability could escalate privileges on the affected system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uQpg6F
https://www.cve.org/CVERecord?id=CVE-2024-23940
https://nvd.nist.gov/vuln/detail/CVE-2024-23940

Back to Vulnerability Database

CVE-2024-23940

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations