CVE-2024-40719

Published: Aug 2, 2024Modified: Aug 9, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: twcert@cert.org.tw (Secondary)

Description

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it.

Affected (1)

Products: Changingtec: Tcb Servisign

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Changingtec Tcb Servisign	Before 1.0.24.0318

Related CWEs

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://www.twcert.org.tw/en/cp-139-7970-e8ac5-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-7964-5b266-1.html

Source: twcert@cert.org.tw

Third Party Advisory

Timeline

No history available yet.