CVE-2024-45619

CVSS 3.1 Score 3.9 of 10 (low)

Details

Published Sep 3, 2024

Updated: Sep 4, 2024

CWE ID 120

Summary

CVE-2024-45619 is a vulnerability affecting OpenSC, including OpenSC tools, the PKCS#11 module, minidriver, and CTK. This flaw allows an attacker to exploit a crafted USB device or smart card that presents specially crafted responses to APDUs, potentially leading to incorrect access of initialized parts of partially filled buffers. The vulnerability has been rated with a base severity of LOW (3.9) and requires physical access to exploit, making the attack complexity high while posing low risks to integrity and confidentiality. To remediate this vulnerability, organizations are advised to update affected products as per vendor guidelines. If left unaddressed, the vulnerability could enable unauthorized access or manipulation of sensitive data within the affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database