Vulnerability Description
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Snowsoftware | Snow Inventory Agent | < 6.7.2 |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAKVendor Advisory
- https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAKVendor Advisory
FAQ
What is CVE-2024-1149?
CVE-2024-1149 is a vulnerability with a CVSS score of 7.8 (HIGH). Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File M...
How severe is CVE-2024-1149?
CVE-2024-1149 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1149?
Check the references section above for vendor advisories and patch information. Affected products include: Snowsoftware Snow Inventory Agent, Apple Macos, Linux Linux Kernel, Microsoft Windows.