CVE-2024-53683

Ossur Mobile Logic Application Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVSS 5.6 MEDIUMEPSS 0.2%CWE-497

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.6EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 Jan 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use.

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected products

Ossur · Mobile Logic Application

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-354-01