Lucene search

TwcertCVE-2024-40719

HistoryAug 02, 2024 - 10:16 a.m.

CVE-2024-40719

2024-08-0210:16:00

CWE-326

twcert

web.nvd.nist.gov

tcbservisign

authorization keys

encryption strength

remote attacker

malicious website

impersonation

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.6%

JSON

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it.

Affected configurations

Nvd

Node

changingtectcb_servisignRange<1.0.24.0318windows

VendorProductVersionCPE
changingtectcb_servisign*cpe:2.3:a:changingtec:tcb_servisign:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
changingtec	tcb_servisign	*	cpe:2.3:a:changingtec:tcb_servisign::::::windows::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "TCBServiSign Windows Version",
    "vendor": "CHANGING Information Technology",
    "versions": [
      {
        "lessThan": "1.0.24.0318",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/en/cp-139-7970-e8ac5-2.html

www.twcert.org.tw/tw/cp-132-7964-5b266-1.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.6%

JSON

Related for CVE-2024-40719