Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Aug 13, 2024

CVE-2024-39891

High
EPSS 29.6%
CISA KEV
Twilio/Authy

Description

Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.

EPSS — Exploit Probability

29.6%

Higher than 96.5% of all CVEs

Required Action

https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS
https://nvd.nist.gov/vuln/detail/CVE-2024-39891

Risk Assessment

ELEVATED
In CISA KEV

Details

Severity: High
EPSS: 29.6%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published: Jul 23, 2024
Added to KEV: Jul 23, 2024
Remediation Due: Aug 13, 2024

Affected Product

Twilio

Authy
