CVE-2024-1721
CVE-2024-1721 is a medium-severity vulnerability with a CVSS 4.0 base score of 5.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-347.
Key facts
- Severity: Medium (CVSS 4.0 base score 5.6)
- EPSS exploit prediction: 0% (1st percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2024-17455
- Weakness: CWE-347
- Published:
- Last modified:
Description
Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1.
Frequently asked questions
- What is CVE-2024-1721?
- Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1.
- How severe is CVE-2024-1721?
- CVE-2024-1721 has a CVSS 4.0 base score of 5.6, rated medium severity.
- Is CVE-2024-1721 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (1st percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2024-1721?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2024-1721 have an EU (EUVD) identifier?
- Yes. CVE-2024-1721 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-17455.
- When was CVE-2024-1721 published?
- CVE-2024-1721 was published on 2024-05-21 and last updated on 2026-06-17.
References
Other CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities
- CVE-2026-48558 — Critical (CVSS 10.0): SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the…
- CVE-2023-25574 — Critical (CVSS 10.0): `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI).…
- CVE-2024-45409 — Critical (CVSS 10.0): The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <=…
- CVE-2024-32962 — Critical (CVSS 10.0): xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default…
- CVE-2022-24884 — Critical (CVSS 10.0): ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()`…
- CVE-2021-33885 — Critical (CVSS 10.0): An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a…
Browse all CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities →