Vulnerability Details : CVE-2024-45289
The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option.
Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option.
Exploit prediction scoring system (EPSS) score for CVE-2024-45289
EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~14% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2024-45289
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-11-13 |
CWE ids for CVE-2024-45289
- The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. Assigned by: secteam@freebsd.org (Secondary)
References for CVE-2024-45289
- https://security.netapp.com/advisory/ntap-20250110-0001/ (CVE-2024-45289 FreeBSD Vulnerability in NetApp Products | NetApp Product Security)
- https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc