CVE-2024-20128

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 2, 2024
CWE ID 125

Summary

CVE-2024-20128 is a newly disclosed cybersecurity vulnerability affecting Telephony systems. The issue stems from a missing bounds check, leading to an out-of-bounds read. An attacker can exploit this flaw to cause a remote denial-of-service (DoS) attack without requiring additional execution privileges. Notably, user interaction is not necessary for successful exploitation. The patch for this vulnerability carries the ID ALPS09289881, and it is also recognized as MSV-2024.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share