CVE-2024-12957Missing Authentication for Critical Function in Armoury Crate

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
8.4HIGHNVD
EPSS
0.1%
top 68.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Armoury Crate
Timeline
PublishedJan 23

Description

A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

Affected Packages1 packages

CVEListV5asus/armoury_crateV2.3.4.0~V5.9.9.0

🔴Vulnerability Details

2
GHSA
GHSA-c3fr-pjq5-rf6r: A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion2025-01-23
CVEList
CVE-2024-12957: A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion2025-01-23