CVE-2024-25103

Dynamic Link Library (DLL) Hijacking Vulnerability in CDAC AppSamvid Software

Severity Score

6.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.

Esta vulnerabilidad existe en el software AppSamvid debido al uso de componentes vulnerables y obsoletos. Un atacante con privilegios administrativos locales podría aprovechar esto colocando archivos DLL maliciosos en el sistema objetivo. La explotación exitosa de esta vulnerabilidad podría permitir al atacante ejecutar código arbitrario en el sistema objetivo.

*Credits: This vulnerability is reported by Mukund Kedia and Avinash Kumar.

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Multiple

Confidentiality

Partial

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-02-05 CVE Reserved
2024-03-06 CVE Published
2024-03-07 EPSS Updated
2024-09-23 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-426: Untrusted Search Path

CAPEC

CAPEC-38: Leveraging/Manipulating Configuration File Search Paths

References (1)

URL	Tag	Source
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
CDAC Search vendor "CDAC"		AppSamvid Software Search vendor "CDAC" for product "AppSamvid Software"				<= 2.0.1 Search vendor "CDAC" for product "AppSamvid Software" and version " <= 2.0.1"		en		Affected