CVE-2024-31074

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Nov 13, 2024

Updated: Nov 15, 2024

CWE ID 208

Summary

CVE-2024-31074 is a newly disclosed vulnerability affecting some Intel(R) QuickAssist Technology (QAT) Engines used with OpenSSL software versions prior to v1.6.1. This issue stems from a noticeable timing discrepancy, which potentially enables an attacker to gain unauthorized access to sensitive information through network channels. Without direct contact with the network or the targeted system, an adversary may potentially exploit this vulnerability by scrutinizing the discrepancy to infer encryption keys or other confidential data. This vulnerability poses a significant risk to systems that utilize the affected Intel QAT Engines and OpenSSL software, necessitating immediate updates to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners

CVE-2024-31074

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations