CERT-In Vulnerability Note
CIVN-2024-0081
Multiple Vulnerabilities in CDAC AppSamvid Software
Original Issue Date: March 04, 2024
Severity Rating: HIGH
Software Affected
- AppSamvid version 2.0.1 and prior
Overview
Multiple vulnerabilities have been reported in AppSamvid software which could allow a local authenticated attacker to take control of the application or execute code on the targeted system.
Description
1. Sensitive Information Exposure Vulnerability (CVE-2024-25102)
This vulnerability exists in AppSamvid software due to the use of a weaker cryptographic hash algorithm (SHA1) in the user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system.
2. Dynamic Link Library (DLL) Hijacking Vulnerability (CVE-2024-25103)
This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.
Credit
These vulnerabilities were reported by Mukund Kedia and Avinash Kumar.
Solution
Upgrade to AppSamvid version 2.0.2 or later.
Vendor Information
CDAC-Hyderabad
https://cdac.in/index.aspx?id=cs_eps_appsamvid
References
CDAC-Hyderabad
https://cdac.in/index.aspx?id=cs_eps_appsamvid
CVE Name
CVE-2024-25102
CVE-2024-25103
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India