VDB
CVE-2024-2365
CVE-2024-2365
PUBLISHED
CVSS 1.600000023841858 LOW
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability.
EPSS 0.05% · 17.3th percentile
Risk Scores
CVSS 3.1
1.600000023841858
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.05%
17.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| musicshelf | musicshelf | 1.0, 1.1, 1.0 |
| n/a | Musicshelf | 1.1, 1.0, 1.0 |
| kirillmakarov | musicshelf | 1.1, 1.1 |
Exploit Intelligence
- CIRCL seen: CVE-2024-2365 (circl-sighting)
- CIRCL seen: CVE-2024-2365 (circl-sighting)
- CIRCL seen: CVE-2024-2365 (circl-sighting)
- CIRCL seen: CVE-2024-2365 (circl-sighting)
- CIRCL seen: CVE-2024-2365 (circl-sighting)
- CIRCL seen: CVE-2024-2365 (circl-sighting)
- CIRCL seen: CVE-2024-2365 (circl-sighting)
- CIRCL seen: CVE-2024-2365 (circl-sighting)
- CIRCL seen: CVE-2024-2365 (circl-sighting)
- CIRCL seen: CVE-2024-2365 (circl-sighting)
…and 7 more exploits
Timeline
- Mar 10, 2024 CVE Published
- Mar 11, 2024 EPSS Score
- Mar 11, 2024 PoC Published
- Mar 11, 2024 PoC Published
- Apr 6, 2024 EPSS Score
- May 2, 2024 EPSS Score
- May 28, 2024 EPSS Score
- Jun 23, 2024 EPSS Score
- Jul 19, 2024 EPSS Score
- Aug 5, 2024 CVE Updated
- Aug 18, 2024 EPSS Score
- Sep 13, 2024 EPSS Score