CVE-2024-45618
CVSS 3.1 Score 3.9 of 10 (low)
Details
Summary
CVE-2024-45618 identifies a vulnerability in the pkcs15-init component of OpenSC, which could be exploited by an attacker using a malicious USB device or smart card that sends specially crafted responses to Application Protocol Data Units (APDUs). This vulnerability arises from inadequate checking of function return values, leading to potential issues with uninitialized variables. Affected products include those utilizing OpenSC technology. To mitigate this risk, organizations should ensure they are using updated versions of OpenSC that address this vulnerability. The exploitability score is rated at 0.5, with a low base severity score of 3.9, indicating that while the potential impact is low in terms of confidentiality and integrity, the attack requires physical access and has high complexity.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.