CVE-2024-25679

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 9, 2024
Updated: Feb 15, 2024

Summary

CVE-2024-25679 is a vulnerability affecting the PQUIC (Transport Layer Security over QUIC) protocol before version 5bde5bb. This issue allows attackers to disrupt connections with a Pre-Shared Key (PSK) configuration by encrypting a malicious CONNECTION_CLOSE frame using the initial encryption keys that are retained but no longer in use. Network traffic sniffing is required to execute the attack. Successful exploitation can lead to the termination of affected connections.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share