CVE-2024-38410
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-38410 is a newly identified memory corruption vulnerability. It occurs when IOCLT, or Input-Output Control Layer Transport, is called on a device that is in an invalid state. As a result, the WMI command buffer may be freed twice, leading to unintended memory manipulation. This issue can potentially be exploited by attackers to execute arbitrary code or cause denial-of-service conditions. Devices and systems using the affected IOCLT implementation are at risk. It is recommended that affected organizations apply the forthcoming patch as soon as it becomes available to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.