Potential Security Risk: Insecure API Validation in TCBServiSign
CVE-2024-40721

8.8HIGH

Key Information:

Vendor: CHANGING Information Technology
Status: Tcb Servisign
Vendor: CVE Published:; 2 August 2024

Summary

A security flaw exists in the API of TCBServiSign Windows from CHANGING Information Technology that fails to properly validate input from servers. This vulnerability allows unauthenticated remote attackers to exploit a spoofed website, potentially causing TCBServiSign to load dynamic link libraries (DLLs) from an arbitrary and potentially malicious path. Such a scenario may result in the execution of arbitrary code on affected systems, thereby compromising the application's integrity and security.

References

https://www.twcert.org.tw/tw/cp-132-7966-8c6c3-1.html

https://www.twcert.org.tw/en/cp-139-7972-01a6e-2.html

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 2, 2024