CVE-2023-39057
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-39057 is a newly identified information leak vulnerability affecting the hirochanKAKIwaiting software version 13.6.1. This issue permits attackers to gain access to the channel access token, potentially enabling them to send malicious messages to unsuspecting users. The vulnerability arises due to insufficient input validation in the message handling function. An attacker can exploit this flaw by crafting a specific message to extract sensitive information, posing a significant risk to the confidentiality of communication channels. Users are advised to update their hirochanKAKIwaiting software to the latest version to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- LY Corporation