CVE-2024-25679
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Feb 9, 2024
Updated: Feb 15, 2024
Summary
CVE-2024-25679 is a vulnerability affecting the PQUIC (Transport Layer Security over QUIC) protocol before version 5bde5bb. This issue allows attackers to disrupt connections with a Pre-Shared Key (PSK) configuration by encrypting a malicious CONNECTION_CLOSE frame using the initial encryption keys that are retained but no longer in use. Network traffic sniffing is required to execute the attack. Successful exploitation can lead to the termination of affected connections.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share