CVE-2024-45191

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 22, 2024
Updated: Aug 28, 2024
CWE ID 208

Summary

CVE-2024-45191 is a critical vulnerability found in the Matrix libolm library, specifically affecting versions up to 3.2.16, which utilizes an AES implementation vulnerable to cache-timing attacks due to S-box usage. The affected products include various releases labeled as x-PxQz, x-PxQy, x-PxQx, and others within the same range. Organizations using these outdated products face significant risks regarding confidentiality and integrity, as exploitation could lead to unauthorized data access or manipulation without requiring user interaction. To remediate this issue, it is recommended that organizations upgrade to the latest supported versions of the library or discontinue use of the affected products altogether. The vulnerability has a CVSS base score of 9.8, indicating a high severity level that necessitates immediate attention from security teams.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share