Lucene search

CERT-InVULNRICHMENT:CVE-2024-25102

HistoryMar 06, 2024 - 11:34 a.m.

CVE-2024-25102 Information Disclosure Vulnerability in CDAC AppSamvid Software

2024-03-0611:34:42

CWE-326

CERT-In

github.com

cdac appsamvid

information disclosure

vulnerability

weak hash algorithm

user login

administrative privileges

complete control

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system.

Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system.

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-25102