CVE-2024-7824

Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)

Published: Oct 3, 2024 / Updated: 47d ago

CVSS 9.8 / EPSS 0.04% / Critical

Summary

A Type Confusion vulnerability has been identified in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, and 32 bit platforms, specifically in the wrUrl.Dll modules. This vulnerability allows for Functionality Misuse. The issue affects SecureAnywhere - Web Shield versions prior to 2.1.2.3.

Impact

This vulnerability has a critical severity with a CVSS v3.1 base score of 9.8 out of 10. It can be exploited over the network without requiring user interaction or privileges. The potential impact is severe, with high risks to confidentiality, integrity, and availability of the affected systems. Attackers could potentially misuse functionality, leading to unauthorized access, data manipulation, or system disruption. Given the nature of Web Shield as a security component, compromise could leave systems exposed to further attacks.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

A patch is available. Webroot has released version 2.1.2.3 of SecureAnywhere - Web Shield to address this vulnerability. Users should update to this version or later to mitigate the risk.

Mitigation

1. Update Webroot SecureAnywhere - Web Shield to version 2.1.2.3 or later immediately.
2. If immediate patching is not possible, consider temporarily disabling or isolating the affected Web Shield component until the update can be applied.
3. Monitor systems for any unusual activity or unauthorized access attempts.
4. Implement network segmentation to limit potential impact if exploitation occurs.
5. Regularly review and update access controls to minimize potential damage from successful attacks.
6. Keep all other security software and systems up-to-date to provide additional layers of protection.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-7824
Oct 3, 2024 at 5:15 PM

First Article
Feedly found the first article mentioning CVE-2024-7824.
Oct 3, 2024 at 5:22 PM / Vulners.com RSS Feed

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Oct 3, 2024 at 5:22 PM

CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Oct 3, 2024 at 7:53 PM

EPSS
EPSS Score was set to: 0.04% (Percentile: 9.6%)
Oct 4, 2024 at 9:41 AM

CVSS
A CVSS base score of 9.8 has been assigned.
Oct 30, 2024 at 1:55 PM / nvd

Affected Systems

Webroot/secureanywhere_web_shield

Patches

answers.webroot.com

News

CVE Alert: CVE-2024-7824 - https://www.redpacketsecurity.com/cve_alert_cve-2024-7824/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_7824
CVE Alert: CVE-2024-7824
CVE-2024-7824
Critical Severity Description Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3. Read more at https://www.tenable.com/cve/CVE-2024-7824
CVE-2024-7824 | Webroot SecureAnywhere Web Shield prior 2.1.2.3 on Windows wrUrl.Dll type confusion
A vulnerability has been found in Webroot SecureAnywhere Web Shield on Windows and classified as critical. This vulnerability affects unknown code in the library wrUrl.Dll. The manipulation leads to type confusion. This vulnerability was named CVE-2024-7824. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.
NA - CVE-2024-7824 - Access of Resource Using Incompatible Type...
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
