How severe is CVE-2024-3185?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-3185?

This is classified as CWE-1284, which is a common weakness in software security.

CVE-2024-3185

MEDIUM Year: 2024

CVSS v3 Score

6.8

Medium

Weakness Type

CWE-1284

View all →

Vulnerability Description

A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This was fixed in the Rapid7 platform starting 3 April 2024 via the introduction of a restricted role and the removal of automatic API key generation on installation of an agent.

CVE-2024-23593

MEDIUM

CVSS:6.7(Medium)

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local...

CWE-12842024

CVE-2024-39343

HIGH

CVSS:7.0(High)

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly ch...

CWE-12842024

CVE-2024-5102

HIGH

CVSS:7.0(High)

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulner...

CWE-12842024

CVE-2021-1058

HIGH

CVSS:7.1(High)

NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. T...

CWE-12842021

CVE-2021-1062

HIGH

CVSS:7.1(High)

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x...

CWE-12842021

CVE-2021-45972

HIGH

CVSS:7.1(High)

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to...

CWE-12842021

CVE-2024-3185

Vulnerability Description

Related Vulnerabilities

CVE-2024-23593

CVE-2024-39343

CVE-2024-5102

CVE-2021-1058

CVE-2021-1062

CVE-2021-45972