CVE-2024-46939
Game Extension Engine Path Traversal Vulnerability
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
28 Nov 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:N/R:A/V:D
Affected products
vivo · Game Extension EngineWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →