CVE-2024-1150
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Feb 8, 2024
Updated: Feb 15, 2024
CWE ID 347
Summary
CVE-2024-1150 is a newly disclosed vulnerability that impacts the Snow Software Inventory Agent on Unix. This issue stems from an improper verification of cryptographic signatures, enabling an attacker to manipulate files through Snow Update Packages. This vulnerability poses a significant risk, as it allows unauthorized modifications to the software inventory. The affected version range is Inventory Agent through 7.3.1. To mitigate this risk, it is recommended that users upgrade to the latest version as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Snow Software AB