CVE-2024-45237

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 24, 2024
Updated: Aug 27, 2024
CWE ID 120

Summary

CVE-2024-45237 is a critical vulnerability in Fort versions prior to 1.6.3. A malicious RPKI repository can trigger a buffer overflow through improper handling of Key Usage extension data: the program writes a string into a 2-byte buffer without validating it. The flaw puts the integrity, confidentiality, and availability of affected products at risk, including various models in the yHXBY series. With an exploitability score of 3.9 and a base score of 9.8, it can be exploited remotely without user interaction or required privileges. Remediation is to update to the latest version of Fort that addresses this issue; organizations running vulnerable versions are urged to apply patches promptly.
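The bounds check that this class of bug (CWE-120) calls for, shown as an added C example; it is not Fort's code. The function names, the guard-byte harness and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KU_BUF_LEN 2 /* size of the destination buffer named in the summary */

/* Constructed sample values, not taken from any real certificate. */
static const uint8_t KU_OK[] = { 0x06 };
static const uint8_t KU_LONG[] = { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 };

/* Unsafe pattern, for contrast: `len` is read from the certificate and
 * trusted, so any value above KU_BUF_LEN writes past the end of `out`. */
void ku_copy_unchecked(uint8_t *out, const uint8_t *data, size_t len)
{
    memcpy(out, data, len);
}

/* Hardened form: validate the length before touching `out`.
 * Returns 0 on success, -1 when the extension must be rejected. */
int ku_copy_checked(uint8_t *out, const uint8_t *data, size_t len)
{
    if (data == NULL || len > KU_BUF_LEN)
        return -1;
    memset(out, 0, KU_BUF_LEN);
    memcpy(out, data, len);
    return 0;
}

/* Returns 1 when the oversized input is rejected and the guard bytes
 * placed directly after the 2-byte buffer are still intact. */
int demo_oversized_rejected(void)
{
    struct { uint8_t ku[KU_BUF_LEN]; uint8_t guard[4]; } s;
    memset(&s, 0xAA, sizeof s);
    int rc = ku_copy_checked(s.ku, KU_LONG, sizeof KU_LONG);
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0xAA)
            return 0;
    return rc == -1;
}

int main(void)
{
    uint8_t out[KU_BUF_LEN];
    printf("1-byte value accepted: %d\n", ku_copy_checked(out, KU_OK, sizeof KU_OK) == 0);
    printf("6-byte value rejected, guard intact: %d\n", demo_oversized_rejected());
    return 0;
}
```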
