CVE-2024-20090
CVSS 3.1 Score 6.7 of 10 (medium)
Details
Summary
CVE-2024-20090 identifies a vulnerability in multiple MediaTek products, including models wsdzGj, wsdzGi, wsdzGh, wsd2ff, wsdzGf, and wsdzGe, due to an out-of-bounds write caused by a missing bounds check. Exploitation of this vulnerability can lead to local privilege escalation requiring high system execution privileges without user interaction. The potential impacts include high integrity and confidentiality risks, as well as significant availability concerns. Organizations are advised to apply the provided patch (ID: ALPS09028313) to remediate this issue. This vulnerability has been rated with a medium severity score of 6.7 and an exploitability score of 0.8, indicating a relatively low complexity for attackers leveraging local access.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.