CVE-2024-20140

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Jan 6, 2025
CWE ID 787

Summary

CVE-2024-20140 is a vulnerability affecting Power software that allows for a possible out-of-bounds write due to a missing bounds check. If successfully exploited, this issue could result in local privilege escalation, granting a malicious actor System privileges without user interaction. The vulnerability, identified as ALPS09270402 and MSV-2020, requires patching to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share