CVE-2024-45832

Ossur Mobile Logic Application Use of Hard-coded Credentials

CVSS 2 LOWEPSS 0.3%CWE-798

Vexday Risk Score

8Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 2EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 jan 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information.

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:H/SA:N

Produtos afetados

Ossur · Mobile Logic Application

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-354-01