PT-2024-26014 · Unknown · Kioware For Windows

Published: 2024-05-09 · Updated: 2024-05-14 · CVE-2024-3460

CVSS v3.1: 7.4 (High)

Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

KioWare for Windows, all versions through 8.34

Description

The issue allows an attacker to exit KioWare for Windows and access other open applications during a short time window before automatic logout. By using built-in functions of these applications, an attacker can launch other programs. To exploit this, external applications must be running when KioWare is launched, and the attacker must know the PIN for the KioWare instance and must slow down the application with a specific task to extend the usable time window.

Recommendations

For all versions through 8.34, consider implementing a mechanism to prevent access to other applications during the time window before automatic logout, or restrict the use of built-in functions in other applications that could be used to launch new programs. Additionally, ensure that the PIN for the KioWare instance is securely managed, and consider implementing a feature to detect and prevent attempts to slow down the application for malicious purposes.

Related Identifiers

CVE-2024-3460

Affected Products

Kioware For Windows