CVE-2024-54681 LOW

CVE-2024-54681: Ossur Mobile Logic Application Command Injection

Vendor Ossur
Product Mobile Logic Application
Weakness CWE-77
Published January 17, 2025
Last update January 21, 2025

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application.

Key dates

02Disclosure timeline

January 17, 2025 CVE published
January 21, 2025 Record updated