CVE-2024-44730

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Oct 11, 2024

Updated: Oct 16, 2024

CWE ID 924

Summary

CVE-2024-44730 is a new access control vulnerability affecting Mirotalk. The issue lies within the function handleDataChannelChat(dataMessage), where incorrect access checks allow unauthorized users to forge chat messages with arbitrary sender names before the commit. This flaw could lead to potential impersonation attacks, allowing attackers to deceive other users in the chat system. Organizations using Mirotalk are advised to patch this vulnerability as soon as possible to prevent potential security breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/x8EDG3
https://www.cve.org/CVERecord?id=CVE-2024-44730
https://nvd.nist.gov/vuln/detail/CVE-2024-44730

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-44730

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations