Base Score

LOW3.9

CVE-2024-45618

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

VectorPHYSICAL

Published Bysecalert@redhat.com

Published DateSep 03, 2024, 22:15

Weakness Type (CWE):CWE-908

CVSS Metrics

Base Score

3.9

Vector String

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Severity

LOW

Version

3.1

Attack Vector (AV)

PHYSICAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW

References

Base Score

LOW3.9

Weakness Type (CWE):CWE-908

CVSS Metrics

Base Score

3.9

Vector String

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Severity

LOW

Version

3.1

Attack Vector (AV)

PHYSICAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW