Software Vulnerability Allows for Unauthorized Access to Other Applications
CVE-2024-3460

7HIGH

Key Information:

Vendor

Kioware

Status
Kioware
Vendor
CVE Published:
14 May 2024

What is CVE-2024-3460?

In KioWare for Windows, versions up to and including 8.34, a session management flaw exists that allows users to exit the application and access other pre-opened applications during a brief time window prior to an enforced automatic logout. This exploitation requires that external applications remain active when KioWare is launched, and the attacker must possess knowledge of the specific PIN associated with that KioWare instance. By executing a designated task that delays the application, the attacker can extend the period in which unauthorized program launch can occur, potentially compromising sensitive data.

Affected Version(s)

Kioware Windows 0 <= 8.34

References

https://cert.pl/posts/2024/04/CVE-2024-3459
third-party-advisory
https://cert.pl/en/posts/2024/04/CVE-2024-3459
third-party-advisory
https://www.kioware.com/
product

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maksymilian Kubiak [Afine Team]
.