CVE-2024-54681: Ossur Mobile Logic Application Command Injection

3.5 CVSS

Description

Multiple bash files were present in the application's private directory.
Bash files can be used on their own, by an attacker that has already
full access to the mobile platform to compromise the translations for
the application.

Classification

CVE ID: CVE-2024-54681

CVSS Base Severity: LOW

CVSS Base Score: 3.5

Affected Products

Vendor: Ossur

Product: Mobile Logic Application

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.66% (scored less or equal to compared to others)

EPSS Date: 2025-02-15 (when was this score calculated)

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-354-01

Timeline

2025-01-18 00:30:29 UTC
CVE

Ossur Mobile Logic Application Command Injection