CVE-2023-39057

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 2, 2023
Updated: Nov 10, 2023

Summary

CVE-2023-39057 is a newly identified information leak vulnerability affecting the hirochanKAKIwaiting software version 13.6.1. This issue permits attackers to gain access to the channel access token, potentially enabling them to send malicious messages to unsuspecting users. The vulnerability arises due to insufficient input validation in the message handling function. An attacker can exploit this flaw by crafting a specific message to extract sensitive information, posing a significant risk to the confidentiality of communication channels. Users are advised to update their hirochanKAKIwaiting software to the latest version to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share