Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-1149

Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.

Published

2024-02-08T13:15:09.147

Last Modified

2024-11-21T08:49:54.630

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-347
Type: Primary
CWE-347

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	snowsoftware	snow_inventory_agent	< 6.7.2	Yes
Application	snowsoftware	snow_inventory_agent	< 6.14.5	Yes
Application	snowsoftware	snow_inventory_agent	6.12.0	Yes
Operating System	apple	macos	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No

References

https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK Vendor Advisory ([email protected])
https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)