CVE-2024-57055

CVSS 3.1 Score 5 of 10 (medium)

Details

Published Feb 18, 2025
Updated: Feb 19, 2025
CWE ID 306

Summary

CVE-2024-57055 is a server-side access control bypass vulnerability affecting WombatDialer versions prior to 25.02. It may allow unauthorized users to access certain services without the required access level. The vulnerability is limited to services used by the client and does not extend to the general-use JSON services. Exploiting it also requires reverse engineering the proprietary serialization protocol, which makes it a challenging target for attackers.
