Lucene search

HYPRCVE-2024-1721

HistoryMay 21, 2024 - 4:15 p.m.

CVE-2024-1721

2024-05-2116:15:24

CWE-347

HYPR

web.nvd.nist.gov

vulnerability

windows

malicious update

hypr passwordless

CVSS4

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:N/SC:N/VI:H/SI:H/VA:N/SA:N/AU:N/U:Green/R:U/V:C/RE:M

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Passwordless",
    "vendor": "HYPR",
    "versions": [
      {
        "lessThan": "9.1",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  }
]

References

www.hypr.com/trust-center/security-advisories

CVSS4

5.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:N/SC:N/VI:H/SI:H/VA:N/SA:N/AU:N/U:Green/R:U/V:C/RE:M

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-1721