Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1149", "assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65", "state": "PUBLISHED", "assignerShortName": "Snow", "dateReserved": "2024-02-01T09:47:48.899Z", "datePublished": "2024-02-08T13:01:03.806Z", "dateUpdated": "2025-05-15T19:40:41.899Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "Inventory Agent", "vendor": "Snow Software", "versions": [{"lessThanOrEqual": "6.12.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Inventory Agent", "vendor": "Snow Software", "versions": [{"lessThanOrEqual": "6.14.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Inventory Agent", "vendor": "Snow Software", "versions": [{"lessThanOrEqual": "6.7.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-02-08T12:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.<p>This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.</p>"}], "value": "Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.\n\n"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65", "shortName": "Snow", "dateUpdated": "2024-02-08T13:01:03.806Z"}, "references": [{"url": "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper validation of update packages", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.511Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T15:45:43.042291Z", "id": "CVE-2024-1149", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-15T19:40:41.899Z"}}]}}