CVE-2024-9924

Summary

CVE-2024-9924 identifies a critical vulnerability affecting the OAKlouds package from Hgiga, which allows unauthenticated remote attackers to download arbitrary system files. The issue arose due to an incomplete fix for a prior vulnerability (CVE-2024-26261). This security flaw poses significant risks, including high confidentiality and integrity impacts, as well as potential availability issues, with a CVSS base score of 9.8. Organizations are advised to apply the necessary patches and updates as soon as they become available to mitigate the risk of exploitation. Given the low attack complexity and lack of required privileges or user interaction, this vulnerability presents a serious threat that could lead to unauthorized access or data loss.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.