CVE-2024-3460

May 14, 2024, 4:11 p.m.

7.4
High

Description

In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs.  In order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window.

Product(s) Impacted

Product Versions
KioWare for Windows
  • all through 8.34

Weaknesses

References

https://cert.pl/en/posts/2024/04/CVE-2024-3459
https://cert.pl/posts/2024/04/CVE-2024-3459
https://www.kioware.com/

Tags

cvd@cert.pl
2024-05-14
CWE-424
CVE-2024-3460

CVSS Score

7.4 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Date

  • Published: May 14, 2024, 3:41 p.m.
  • Last Modified: May 14, 2024, 4:11 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cvd@cert.pl

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.