CVE-2024-36466

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 28, 2024
CWE ID 290

Summary

CVE-2024-36466 is a newly identified vulnerability that affects an unspecified application. A coding error enables an attacker to forge a zbx_session cookie. With the forged cookie, the attacker can sign in with admin permissions and gain unauthorized access to sensitive areas of the application. The vulnerability poses a significant risk to system security because it allows attackers to bypass authentication controls and potentially cause extensive damage. Organizations are urged to apply the relevant patches or updates to mitigate this threat.
