CVE-2024-20128
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Dec 2, 2024
CWE ID 125
Summary
CVE-2024-20128 is a newly disclosed cybersecurity vulnerability affecting Telephony systems. The issue stems from a missing bounds check, leading to an out-of-bounds read. An attacker can exploit this flaw to cause a remote denial-of-service (DoS) attack without requiring additional execution privileges. Notably, user interaction is not necessary for successful exploitation. The patch for this vulnerability carries the ID ALPS09289881, and it is also recognized as MSV-2024.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share