Critical Vulnerability Discovered in OpenSight Software FlashFXP, No Response from Vendor
CVE-2024-10068
7.8 HIGH
Key Information
- Vendor
- OpenSight Software
- Status
- FlashFXP
- Vendor
- CVE Published:
- 17 October 2024
Summary
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970 and has been classified as critical. It affects an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. Manipulation leads to an uncontrolled search path. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected Version(s)
FlashFXP = 5.4.0.3970
CVSS V3.1
- Score: 7.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Risk change from: null to: 7.8 - (HIGH)
VulDB entry last update
Vulnerability Reserved.
VulDB entry created
Advisory disclosed
Vulnerability published.
Collectors
NVD Database, Mitre Database
Credit
tfhm (VulDB User)