Aug 02, 2024 - 10:18 a.m.

CVE-2024-40722 CHANGING Information Technology TCBServiSign Windows Version - Stack-based Buffer Overflow

2024-08-02 10:18:36
CWE-121
twcert
github.com
cve-2024-40722
changing information technology
tcbservisign
windows version
stack-based buffer overflow
spoofed website
unauthenticated remote attackers

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score: 7.6
Confidence: High

EPSS: 0.001
Percentile: 17.6%

SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in TCBServiSign, temporarily disrupting its service.

CNA Affected

[
  {
    "vendor": "CHANGING Information Technology",
    "product": "TCBServiSign Windows Version",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.0.24.0318",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
