CVE-2024-38272 Vulnerability Details

  /     /     /  

CVE-2024-38272 Metadata Quick Info

CVE Published: 26/06/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: Google | Vendor: Google | Product: Nearby
Status : PUBLISHED

CVE-2024-38272 Description

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can\'t send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quick Share or above

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-294
CWE Name: CWE-294 Authentication Bypass by Capture-replay
Source: Google

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-165
CAPEC Description: CAPEC-165 File Manipulation


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2024-38272 Vulnerability Details