CVE-2024-34679

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 6, 2024

Updated: Nov 12, 2024

CWE ID 276

Summary

CVE-2024-34679 is a newly disclosed vulnerability affecting Crane software. Prior to the Nov-2024 Release 1, this issue resulted in incorrect default permissions. Consequently, local attackers were able to bypass security restrictions and access sensitive files, exploiting the phone privilege. This vulnerability poses a significant risk for data breaches and unauthorized access. Crane strongly recommends users to update their software to the latest release to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vzgXHH
https://www.cve.org/CVERecord?id=CVE-2024-34679
https://nvd.nist.gov/vuln/detail/CVE-2024-34679

Back to Vulnerability Database

CVE-2024-34679

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations