CVE-2024-28955
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Summary
CVE-2024-28955 is a newly disclosed vulnerability that allows local users to access world-readable coredump files on affected devices. When a device crashes, it generates and saves a coredump file to investigate the cause of the issue. However, these files contain memory information and can reveal sensitive data. By examining these files, an attacker can potentially gain insights into the device's internal workings or exploit identified vulnerabilities. To determine if a specific product is affected, consult the list of affected vendors and their corresponding product information provided in the references.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.