Software Vulnerability Allows for Unauthorized Access to Other Applications

CVE-2024-3460

7.4HIGH

Key Information

Vendor: Kioware
Status: Kioware
Vendor: CVE Published:; 14 May 2024

Summary

In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs. In order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window.

Affected Version(s)

Kioware <= 8.34

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Apr 8, 2024

Collectors

NVD DatabaseMitre Database

Credit

Maksymilian Kubiak [Afine Team]