Improper Verification of Cryptographic Signature Vulnerability Allows File Manipulation Through Snow Update Packages
CVE-2024-1149

7.8HIGH

Key Information:

Vendor: Snow Software
Status: Inventory Agent
Vendor: CVE Published:; 8 February 2024

🔔 Create Snow Software Vulnerability Alert

What is CVE-2024-1149?

An improper verification of cryptographic signature vulnerability exists in the Snow Software Inventory Agent, affecting its functionality on MacOS, Windows, and Linux platforms. This flaw allows for potential file manipulation through Snow Update Packages, putting user data and system integrity at risk. Products affected include versions of the Inventory Agent up to 6.12.0 for MacOS, 6.14.5 for Windows, and 6.7.2 for Linux. It is crucial for users to update to the latest versions to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Inventory Agent Linux 0 <= 6.7.2

Inventory Agent MacOS 0 <= 6.12.0

Inventory Agent Windows 0 <= 6.14.5

References

https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2024
Vulnerability Reserved
Feb 1, 2024

JSON

Snow Software

What is CVE-2024-1149?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.