CVE-2024-28140
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Dec 11, 2024
Updated: Dec 12, 2024
CWE ID 250
Summary
CVE-2024-28140 affects a scanner device that, by default, boots into a kiosk mode and opens the Scan2Net interface in a browser window. This browser runs with root user permissions, which increases the risk of potential attacks. Other applications were also found to be running as the root user, further expanding the attack surface. This configuration poses a significant security risk and should be addressed promptly by device administrators.