CVE-2024-48915

Summary

CVE-2024-48915 identifies a vulnerability in the Agent Dart library, specifically prior to version 1.0.0-dev.29, where improper certificate verification allows a subnet to sign canister responses on behalf of another subnet without appropriate checks on canister_ranges and timestamp validation. This flaw affects multiple products within the Agent Dart ecosystem, potentially exposing organizations to unauthorized access or control over their applications. To remediate this vulnerability, users should upgrade to version 1.0.0-dev.29 or later, which implements the necessary certificate verification mechanisms. The vulnerability has a low exploitability score of 3.9 and is categorized as having no direct impact on confidentiality or integrity; however, it still poses risks due to its network attack vector and low attack complexity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.