CVE-2024-40723

{"id": "CVE-2024-40723", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-08-02T11:16:43.520", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-7974-0562f-2.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7968-ce2ef-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service."}, {"lang": "es", "value": "La API espec\u00edfica en HWATAIServiSign Windows Version de CHANGING Information Technology no valida correctamente la longitud de las entradas del lado del servidor. Cuando un usuario visita un sitio web falsificado, atacantes remotos no autenticados pueden provocar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en HWATAIServiSign, interrumpiendo temporalmente su servicio."}], "lastModified": "2024-08-09T14:44:01.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:changingtec:hwatai_servisign:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "358A34CE-1E5F-47F3-AC1E-A2370EEA2C89", "versionEndExcluding": "1.0.24.0219"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}