CVE-2024-20086
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-20086 identifies a vulnerability in the vdec component, where a missing bounds check can lead to an out-of-bounds write, potentially allowing local escalation of privilege with system execution rights. The affected products include multiple variations of the 'wsdzG' series and 'wsd2ff'. Exploitation of this vulnerability does not require user interaction, posing significant risks, including high integrity and confidentiality impacts for organizations. To mitigate this issue, users should apply Patch ID ALPS08932916 as recommended in the vendor advisory. The vulnerability has been rated with a base severity score of 7.8, indicating high risk due to its low attack complexity and local attack vector.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.