CVE-2024-3334

A security bypass vulnerability exists in the Removable Media Encryption (RME)component of Digital Guardian Windows Agents prior to version 8.2.0. This allows a user to circumvent encryption controls by modifying metadata on the USB device thereby compromising the confidentiality of the stored data.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.fortra.com/endpoint-dlp/kb-articles/dg-support-notice-security-bypass-vulnerability-with-rme-MTQwYTM5NTctZDk4Ny1lZjExLWFjMjEtNjA0NWJkMDFhMzQ3
https://www.fortra.com/security/advisories/product-security/fi-2024-013

Configurations

No configuration.

History

18 Nov 2024, 17:11

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de omisión de seguridad en el componente de cifrado de medios extraíbles (RME) de los agentes de Windows de Digital Guardian anteriores a la versión 8.2.0. Esto permite que un usuario eluda los controles de cifrado modificando los metadatos en el dispositivo USB, lo que pone en peligro la confidencialidad de los datos almacenados.

15 Nov 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-15 20:15

Updated : 2024-11-18 17:11

NVD link : CVE-2024-3334

Mitre link : CVE-2024-3334

CVE.ORG link : CVE-2024-3334

JSON object : View

Products Affected

No product.

CWE

CWE-922

Insecure Storage of Sensitive Information

4.3 /10