CVE-2024-40719

Description

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

CHANGING Information Technology / TCBServiSign Windows Version0 – 1.0.24.0318

References

MISChttps://www.twcert.org.tw/tw/cp-132-7964-5b266-1.html
MISChttps://www.twcert.org.tw/en/cp-139-7970-e8ac5-2.html