CVE-2024-4854

Summary

CVE-2024-4854 is a vulnerability that affects Wireshark versions 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22, specifically the MONGO and ZigBee TLV dissector components. This vulnerability can be exploited through packet injection or a crafted capture file, leading to denial of service incidents. The risk score is rated at 64, with a base severity of MEDIUM and a base score of 6.4 according to CVSS version 3.1 standards. The impact is considered low in terms of integrity and confidentiality, but high in terms of availability. No privileges are required for exploitation, but user interaction is necessary on a network level to trigger the vulnerability. Organizations should apply the necessary updates or patches provided by Wireshark to remediate this vulnerability and prevent potential denial of service attacks from occurring.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.