How severe is CVE-2024-23960?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2024-23960?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2024-23960 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23102

Related Vulnerabilities

CVE-2022-3864

MEDIUM

CVSS:4.5(Medium)

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker co...

CWE-3472022

CVE-2021-3521

MEDIUM

CVSS:4.7(Medium)

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing th...

CWE-3472021

CVE-2023-36811

MEDIUM

CVSS:4.7(Medium)

borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives ...

CWE-3472023

CVE-2017-18407

MEDIUM

CVSS:4.8(Medium)

cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).

CWE-3472017

CVE-2024-48948

MEDIUM

CVSS:4.8(Medium)

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the ellipti...

CWE-3472024

CVE-2019-10136

MEDIUM

CVSS:4.3(Medium)

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around,...

CWE-3472019