Lucene search

CERT-InCVELIST:CVE-2024-25102

HistoryMar 06, 2024 - 11:34 a.m.

CVE-2024-25102 Information Disclosure Vulnerability in CDAC AppSamvid Software

2024-03-0611:34:42

CWE-326

CERT-In

www.cve.org

cve-2024-25102

information disclosure

appsamvid

cryptographic algorithm

user login

local administrative privileges

password

exploitation

complete control

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system.

Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AppSamvid Software",
    "vendor": "CDAC",
    "versions": [
      {
        "status": "affected",
        "version": "<=2.0.1"
      }
    ]
  }
]

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-25102