CVE-2024-40720

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.twcert.org.tw/en/cp-139-7971-d9584-2.html	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7965-8285d-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:changingtec:tcb_servisign:*:*:*:*:*:windows:*:*

History

09 Aug 2024, 14:36

Type	Values Removed	Values Added
References	~~() https://www.twcert.org.tw/en/cp-139-7971-d9584-2.html -~~	() https://www.twcert.org.tw/en/cp-139-7971-d9584-2.html - Third Party Advisory
References	~~() https://www.twcert.org.tw/tw/cp-132-7965-8285d-1.html -~~	() https://www.twcert.org.tw/tw/cp-132-7965-8285d-1.html - Third Party Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:changingtec:tcb_servisign::::::windows::*
First Time		Changingtec tcb Servisign Changingtec

02 Aug 2024, 12:59

Type	Values Removed	Values Added
Summary		(es) La API específica en TCBServiSign Windows Version de CHANGING Information Technology no valida correctamente la entrada del lado del servidor. Cuando un usuario visita un sitio web falsificado, atacantes remotos no autenticados pueden modificar el registro `HKEY_CURRENT_USER` para ejecutar comandos arbitrarios.

02 Aug 2024, 11:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-02 11:16

Updated : 2024-08-09 14:36

NVD link : CVE-2024-40720

Mitre link : CVE-2024-40720

CVE.ORG link : CVE-2024-40720

JSON object : View

Products Affected

changingtec

tcb_servisign

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2024-40720", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-08-02T11:16:42.763", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-7971-d9584-2.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7965-8285d-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands."}, {"lang": "es", "value": "La API espec\u00edfica en TCBServiSign Windows Version de CHANGING Information Technology no valida correctamente la entrada del lado del servidor. Cuando un usuario visita un sitio web falsificado, atacantes remotos no autenticados pueden modificar el registro `HKEY_CURRENT_USER` para ejecutar comandos arbitrarios."}], "lastModified": "2024-08-09T14:36:35.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:changingtec:tcb_servisign:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "4F2A798C-915D-4A62-A562-5B1AFE7899A9", "versionEndExcluding": "1.0.24.0318"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}