CVE-2024-28955

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 732

Summary

CVE-2024-28955 is a newly disclosed vulnerability that allows local users to access world-readable coredump files on affected devices. When a device crashes, it generates and saves a coredump file to investigate the cause of the issue. However, these files contain memory information and can reveal sensitive data. By examining these files, an attacker can potentially gain insights into the device's internal workings or exploit identified vulnerabilities. To determine if a specific product is affected, consult the list of affected vendors and their corresponding product information provided in the references.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share