title

Discovery and Analysis of CVE-2024-12248

charset

utf-8

description

Aarno Labs

keywords

cybersecurity, cyber, static analysis, dynamic analysis, runtime analysis, zero trust, supply chain security, darpa, mit, binary analysis, patching, application security, appsec, malware, exploits, verification

author

Aarno Labs

og:type

website

og:title

Discovery and Analysis of CVE-2024-12248

og:description

This post demonstrates how CodeHawk can be employed to discover and understand vulnerabilities in stripped binaries with high-assurance automation. We focus on our discovery, analysis, and disclosure of CVE 2024-12248, a high-severity vulnerability in the Contec CMS 8000 Patient Monitor. CodeHawk's automated memory safety analysis is applied to the lifting of a stripped firmware binary from the device. The analysis output flags the buffer-overflow vulnerability as an attacker-controlled violation. CodeHawk also demonstrates that the overflow is completely unbounded, enabling remote code execution on the device.

og:url

https://www.aarno-labs.com/blog/post/discovery-and-analysis-of-cve-2024-12248/

apple-touch-icon

/static/assets/favicon/apple-touch-icon.fd7c0505cf76.png

canonical

https://www.aarno-labs.com/blog/post/discovery-and-analysis-of-cve-2024-12248/

icon

/static/assets/favicon/favicon-96x96.337bd525785b.png

icon

/static/assets/favicon/favicon.68c4c5da30ff.svg

manifest

/static/assets/favicon/site.54b50c619bb7.webmanifest