CVERadar

CVE-2024-12345

Medium Severity
SVRS: 30/100
CVSSv3: 4.4/10
EPSS: 0.00034/1

CVE-2024-12345: A resource consumption vulnerability exists in INW Krbyyyzo 25.2002, specifically affecting the /gbo.aspx file of the Daily Huddle Site component. This resource consumption vulnerability allows a local attacker to exhaust resources by manipulating the 's' argument, potentially impacting system stability. While the CVSS score is 4.4, indicating moderate severity, the SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a lower level of immediate threat compared to more critical vulnerabilities. However, active exploits are available, and its presence "In The Wild" makes it important to monitor. The CWE-400 categorization emphasizes the potential for denial-of-service conditions. Although the SVRS isn't critical, organizations should assess their exposure and consider applying mitigations, because exploits are currently available. The associated risk involves potential service disruptions, requiring a proactive approach to prevent exploitation.

Tags: In The Wild, Exploit Available, Signature, Vdb-entry, Permissions-required, Technical-description
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
2025-01-27
2025-02-12

SOCRadar AI Insight

Description

CVE-2024-12345 is a newly discovered vulnerability with limited information available at this time. The CVSS score is currently 0, indicating a lack of publicly available data for its assessment. However, SOCRadar's Vulnerability Risk Score (SVRS) stands at 30, suggesting a moderate risk level.

Key Insights

  1. Active Exploitation: This vulnerability is actively being exploited by hackers ("In The Wild") and exploits are publicly available. This means attackers are actively using this flaw to compromise systems, highlighting the immediate need for action.
  2. Limited Information: The lack of detailed description and a CVSS score of 0 indicates a lack of public information about the vulnerability. This makes it challenging to understand the full scope and impact of the vulnerability.
  3. SVRS Significance: The SVRS score of 30, despite the lack of detailed information, highlights the potential severity of the vulnerability and underscores the need for proactive security measures.

Mitigation Strategies

  1. Patching: Prioritize patching systems with the latest security updates as soon as possible. This will address the vulnerability and prevent exploitation.
  2. Network Segmentation: Implement network segmentation to isolate critical systems and reduce the potential impact of a successful attack.
  3. Intrusion Detection/Prevention Systems (IDS/IPS): Deploy and configure intrusion detection/prevention systems to detect and block malicious traffic exploiting this vulnerability.
  4. Threat Intelligence: Continuously monitor threat intelligence feeds for new information related to CVE-2024-12345. This will help stay informed about potential attack vectors and mitigation techniques.

Additional Information: For further details on CVE-2024-12345 and its potential impact, please utilize the 'Ask to Analyst' feature within SOCRadar, contact SOCRadar directly, or open a support ticket.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
RoyaRadin/CVE-2024-12345-POC | https://github.com/RoyaRadin/CVE-2024-12345-POC | 2024-11-29

News

CVE-2024-12345 | INW Krbyyyzo 25.2002 Daily Huddle Site /gbo.aspx s resource consumption
vuldb.com | 2025-01-27
CVE-2024-12345 | INW Krbyyyzo 25.2002 Daily Huddle Site /gbo.aspx s resource consumption | A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. This vulnerability is known as …
Tags: cve-2024-12345, https, unknown, endpoint

Social Media

CVE-2024-12345 A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the c… https://t.co/JLo3jwSsGk
Actively exploited CVE ID, source in the thread (generated, not vetted) CVE-2024-12345
CVE-2024-12345: Out-of-Bands Boolean Oracle in Child Process Description: A five-year-old making a statement of unknown truthfulness can have the truth ascertained by asking “If I ask your teacher will they agree with what you said?” and interpreting the output.

Affected Software

No affected software found for this CVE

References

Reference: Link
VDB-293509 | CTI INDICATORS (IOB, IOC, IOA): https://vuldb.com/?ctiid.293509
VDB-293509 | INW KRBYYYZO DAILY HUDDLE SITE GBO.ASPX RESOURCE CONSUMPTION: https://vuldb.com/?id.293509

CWE Details

CWE ID | CWE Name | Description
CWE-400 | Uncontrolled Resource Consumption | The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-404 | Improper Resource Shutdown or Release | The program does not release or incorrectly releases a resource before it is made available for re-use.
