Skip to main content

Jwt Attack CVE-2024-7344

HIGH
Improper Verification of Cryptographic Signature (CWE-347)
2025-01-14 cret@cert.org
Information Disclosure Jwt Attack Neo Impact Greenguard Sysreturn Smart Recovery Ez Back System Hdd King Erecoveryrx Red Hat
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Red Hat
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 18:03 vuln.today
Patch released
Mar 28, 2026 - 18:03 nvd
Patch available
PoC Detected
Jan 22, 2025 - 15:41 vuln.today
Public exploit code
CVE Published
Jan 14, 2025 - 14:15 nvd
HIGH 8.2

DescriptionCVE.org

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

AnalysisAI

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-347. Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. Affected products include: Cs-Grp Neo Impact, Greenware Greenguard, Howyar Sysreturn, Radix Smart Recovery, Sanfong Ez-Back System.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More from same product – last 7 days

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke
CVE-2026-10795 HIGH POC
8.1 Jun 11

Remote code execution in UpdraftPlus: WP Backup & Migration Plugin for WordPress (versions ≤1.26.4) allows unauthenticat
CVE-2026-41005 CRITICAL
9.0 Jun 11

Authentication bypass in Cloud Foundry UAA (User Account and Authentication) versions 2.0.0 through 78.13.0 allows remot
CVE-2026-50010 HIGH
7.5 Jun 12

TLS hostname verification is silently disabled in Netty's netty-handler module for any client built with SslContextBuild
CVE-2026-50634 MEDIUM
6.5 Jun 11

Signature metadata trust bypass in Apache CXF's JwsJsonContainerRequestFilter allows an attacker who can send JWS JSON-s

Vendor StatusVendor

Share

CVE-2024-7344 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy