Lucene search

CERT-InCVE-2024-25102

HistoryMar 06, 2024 - 12:15 p.m.

CVE-2024-25102

2024-03-0612:15:45

CWE-326

CERT-In

web.nvd.nist.gov

appsamvid

vulnerability

sha1

hash

nvd

exploitation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

9.0%

JSON

This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system.

Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AppSamvid Software",
    "vendor": "CDAC",
    "versions": [
      {
        "status": "affected",
        "version": "<=2.0.1"
      }
    ]
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-25102