AI description
Generated using AI and has not been reviewed by Intruder. May contain errors.
CVE-2024-38272 is a vulnerability affecting Quick Share/Nearby. It allows an attacker to bypass the file acceptance dialog on Quick Share for Windows. Normally, the Quick Share Windows app requires the receiving user to accept a file transfer when the visibility is set to "everyone" or "contacts" mode. This vulnerability allows attackers to circumvent this requirement. To mitigate this issue, it is recommended to upgrade to version 1.0.1724.0 or later of Quick Share.
- Description
- There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quick Share or above
- Source
- cve-coordination@google.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 7.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
8
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:nearby:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8225DC5D-71F4-42B4-A401-A8327E178058",
"versionEndExcluding": "1.0.1724.0"
}
],
"operator": "OR"
}
]
}
]