CVE-2024-41967

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Nov 18, 2024

CWE ID 306

Summary

CVE-2024-41967 is a newly disclosed vulnerability that allows a low privileged remote attacker to manipulate the boot mode configuration setup of the affected device. This can result in the modification of the firmware upgrade process, potentially leading to unintended changes or even a denial-of-service attack. The attacker does not require elevated privileges to exploit this vulnerability, making it a significant risk for organizations that rely on these devices. Mitigation measures include restricting remote access to the configuration setup and implementing secure firmware upgrade processes.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xOlE86
https://www.cve.org/CVERecord?id=CVE-2024-41967
https://nvd.nist.gov/vuln/detail/CVE-2024-41967

Back to Vulnerability Database

CVE-2024-41967

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations