PT-2024-21659 · Unknown · Comfortkey
Alwin Warringa
+1
·
Published
2024-08-14
·
Updated
2024-08-20
·
CVE-2024-27120
CVSS v4.0
7.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Red |
Name of the Vulnerable Software and Affected Versions
ComfortKey versions prior to 24.1.2
Description
A Local File Inclusion issue has been found in ComfortKey, allowing an unauthenticated attacker to retrieve sensitive system information.
Recommendations
For versions prior to 24.1.2, update to version 24.1.2 to resolve the issue. As a temporary workaround, consider restricting access to sensitive system files until the update is applied.
Fix
Path traversal
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Comfortkey