CVE-2024-45620

CVSS 3.1 Score 3.9 of 10 (low)

Details

Published Sep 3, 2024

Updated: Sep 4, 2024

CWE ID 120

Summary

CVE-2024-45620 identifies a vulnerability in the pkcs15-init tool within OpenSC, which could be exploited by an attacker using a specially crafted USB device or smart card. This flaw allows for incorrect access to initialized parts of a buffer when data is partially filled, posing potential risks to the integrity and confidentiality of the system. Affected products include those utilizing the OpenSC pkcs15-init tool. Remediation efforts should focus on updating to the latest version of OpenSC that addresses this vulnerability. Although the base severity is rated as low (3.9), and it requires physical access to exploit, organizations should remain vigilant, as successful exploitation could lead to additional security concerns.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database