exploitDog

CVE-2024-40719

Опубликовано: 02 авг. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it.

Ссылки

https://www.twcert.org.tw/en/cp-139-7970-e8ac5-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7964-5b266-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:changingtec:tcb_servisign:*:*:*:*:*:windows:*:*

Версия до 1.0.24.0318 (исключая)

EPSS

Процентиль: 32%

0.00123

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-326

Связанные уязвимости

GHSA-qx3j-rj87-66pj

CVSS3: 6.5

github

больше 1 года назад

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it.

EPSS

Процентиль: 32%

0.00123

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-326