CVE-2024-0208
Wireshark
CVE-2024-0208 is a critical vulnerability in Wireshark that can cause a denial of service. Specifically, the GVCP dissector in Wireshark versions 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 is susceptible to crashing. An attacker can trigger the crash by injecting malicious packets or by providing a crafted capture file. While the CVSS score is 7.5, SOCRadar's Vulnerability Risk Score (SVRS) is 71, indicating a significant risk that warrants attention. Successful exploitation leads to a denial-of-service condition, disrupting network analysis and monitoring activities. This vulnerability is significant because Wireshark is a widely used network analysis tool, making many organizations potentially vulnerable. While not immediately critical based on SVRS, it is close and requires monitoring for increased threat activity.
Description:
CVE-2024-0208 is a vulnerability in Wireshark, a popular network protocol analyzer. The vulnerability allows a remote attacker to cause a denial of service (DoS) condition by sending a specially crafted packet or capture file. This could allow an attacker to disrupt the operation of a network or system that is using Wireshark.
Key Insights:
- The SVRS score of 56 indicates that this vulnerability is of moderate severity. While it does not pose an immediate critical threat, it is still important to take steps to mitigate the risk.
- The vulnerability can be exploited remotely, meaning that an attacker does not need to have physical access to the target system. This makes it easier for attackers to exploit the vulnerability.
- The vulnerability is present in multiple versions of Wireshark, including the latest version (4.2.0). This means that a large number of users are potentially affected by this vulnerability.
- Active exploits for this vulnerability have been published, which means that attackers are actively looking for ways to exploit it.
Mitigation Strategies:
- Update Wireshark to the latest version (4.2.1). This version includes a fix for the vulnerability.
- If you are unable to update Wireshark immediately, you can disable the GVCP dissector. This will prevent the vulnerability from being exploited.
- Use a firewall to block access to port 2002. This will help to prevent attackers from sending malicious packets to your system.
- Monitor your network traffic for suspicious activity. This will help you to identify and respond to attacks quickly.
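The version check behind the first two mitigations, as an added shell example (not SOCRadar's or Wireshark's own code): it classifies a version banner against the affected ranges listed on this page. The sample banners are constructed, and the protocol name `gvcp` passed to tshark's `--disable-protocol` option is an assumption.

```shell
#!/bin/sh
# Added example: compare a Wireshark/TShark version with the ranges this page
# lists as affected by CVE-2024-0208 (4.2.0, 4.0.0-4.0.11, 3.6.0-3.6.19).

# Pull the first "X.Y.Z" out of a banner such as the first line of
# `tshark --version`.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if affected, 1 if not, 2 if the string is not a plain X.Y.Z version.
is_affected() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                      # split on dots into $1 $2 $3
    IFS=$old_ifs
    [ $# -eq 3 ] || return 2
    case "$1.$2" in
        4.2) [ "$3" -eq 0 ] ;;       # only 4.2.0
        4.0) [ "$3" -le 11 ] ;;      # 4.0.0 to 4.0.11
        3.6) [ "$3" -le 19 ] ;;      # 3.6.0 to 3.6.19
        *)   return 1 ;;             # branch not listed on this page
    esac
}

report() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "could not parse a version from: $1"
    elif is_affected "$v"; then
        # Per-run workaround until the upgrade; protocol name is an assumption.
        echo "$v: affected. Upgrade, or run: tshark --disable-protocol gvcp ..."
    else
        echo "$v: not in the affected ranges listed on this page"
    fi
}

# Constructed sample banners; on a real host pass "$(tshark --version | head -n 1)".
report "TShark (Wireshark) 4.0.11 (Git v4.0.11 packaged as 4.0.11-1)"
report "TShark (Wireshark) 4.2.1 (Git v4.2.1 packaged as 4.2.1-1)"
report "TShark (Wireshark) 3.6.19 (Git v3.6.19 packaged as 3.6.19-1)"
```
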
Additional Information:
- Threat Actors/APT Groups: There is no information available about specific threat actors or APT groups that are actively exploiting this vulnerability.
- Exploit Status: Active exploits for this vulnerability have been published.
- CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning about this vulnerability.
- In the Wild: There is no information available about whether this vulnerability is being actively exploited in the wild.