CVE-2024-20012

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Feb 5, 2024
Updated: Feb 9, 2024
CWE ID 843

Summary

CVE-2024-20012 is a newly disclosed vulnerability affecting the keyInstall function. It involves type confusion, which can lead to a privilege escalation, granting local attackers System execution privileges without requiring user interaction. This issue is significant as it could allow an attacker to elevate their privileges, potentially gaining full control over the affected system. The patch for this vulnerability is identified as ALPS08358566, and it is strongly recommended that affected systems be updated as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share