Uncontrolled Search Path Vulnerability in OpenSight Software FlashFXP
CVE-2024-10068

7.8HIGH

Key Information:

Vendor

Opensight Software

Status
Flashfxp
Vendor
CVE Published:
17 October 2024

What is CVE-2024-10068?

A serious vulnerability has been identified in OpenSight Software's FlashFXP version 5.4.0.3970, specifically related to an uncontrolled search path in the library file libcrypto-1_1.dll. This flaw enables potential attackers to manipulate the loading of DLL files, leading to vulnerabilities in the application that can be exploited locally. While the exact function within the software is not disclosed, the implications are significant, allowing malicious actors to potentially compromise the application’s integrity. Despite early notification to the vendor regarding this vulnerability, no response has been recorded, leaving users at risk. It is crucial for users of FlashFXP to be aware of this vulnerability and consider implementing protective measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FlashFXP 5.4.0.3970

References

https://vuldb.com/?id.280716
vdb-entry
https://vuldb.com/?ctiid.280716
signaturepermissions-required
https://vuldb.com/?submit.419684
third-party-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

tfhm (VulDB User)
JSON
.