CVE-2024-0313

A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://kcm.trellix.com/corporate/index?page=content&id=SB10418
https://kcm.trellix.com/corporate/index?page=content&id=SB10418

Configurations

No configuration.

History

21 Nov 2024, 08:46

Type	Values Removed	Values Added
Summary		(es) Un usuario interno malicioso que aproveche esta vulnerabilidad puede eludir los controles de seguridad existentes implementados por la organización. Por el contrario, si la víctima está utilizando legítimamente la omisión temporal para acceder a Internet para recuperar aplicaciones y actualizaciones del sistema, un dispositivo remoto podría apuntar a ella y deshacer la omisión, negándole así a la víctima el acceso al servicio de actualización, provocando que fallar.
References	~~() https://kcm.trellix.com/corporate/index?page=content&id=SB10418 -~~	() https://kcm.trellix.com/corporate/index?page=content&id=SB10418 -

14 Mar 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-14 09:15

Updated : 2024-11-21 08:46

NVD link : CVE-2024-0313

Mitre link : CVE-2024-0313

CVE.ORG link : CVE-2024-0313

JSON object : View

Products Affected

No product.

CWE

CWE-670

Always-Incorrect Control Flow Implementation

5.5 /10