CVE-2024-27120 HIGH

CVE-2024-27120: Local File Inclusion in ComfortKey before version 24.1.2

Vendor Celsius Benelux

Product ComfortKey

Weakness CWE-200 · Info exposure

Published August 14, 2024

Last update March 11, 2025

View on NVD All CVEs

CVSS base score

7.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Red

What the vulnerability does

01Description

A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.

Key dates

02Disclosure timeline

August 14, 2024 CVE published

March 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-27120 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2024-27120: Local File Inclusion in ComfortKey before version 24.1.2

01Description

02Disclosure timeline

03References

04Related CVE