Improper Verification of Cryptographic Signature Vulnerability in Snow Software Inventory Agent on Unix Allows File Manipulation through Snow Update Packages
CVE-2024-1150

5.5MEDIUM

Key Information:

Vendor: Snow Software
Status: Inventory Agent
Vendor: CVE Published:; 8 February 2024

🔔 Create Snow Software Vulnerability Alert

What is CVE-2024-1150?

Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1.

Affected Version(s)

Inventory Agent Unix 0 <= 7.3.1

References

https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2024
Vulnerability Reserved
Feb 1, 2024