{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-25103",
        "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
        "state": "PUBLISHED",
        "assignerShortName": "CERT-In",
        "dateReserved": "2024-02-05T07:50:59.669Z",
        "datePublished": "2024-03-06T11:42:58.575Z",
        "dateUpdated": "2024-09-23T11:19:05.925Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "product": "AppSamvid Software",
                    "vendor": "CDAC",
                    "versions": [
                        {
                            "status": "affected",
                            "version": "<=2.0.1"
                        }
                    ]
                }
            ],
            "credits": [
                {
                    "lang": "en",
                    "type": "finder",
                    "value": "This vulnerability is reported by Mukund Kedia and Avinash Kumar."
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system.<br><br>Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.<br>"
                        }
                    ],
                    "value": "This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system."
                }
            ],
            "impacts": [
                {
                    "capecId": "CAPEC-38",
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "LOCAL",
                        "availabilityImpact": "HIGH",
                        "baseScore": 6.3,
                        "baseSeverity": "MEDIUM",
                        "confidentialityImpact": "LOW",
                        "integrityImpact": "HIGH",
                        "privilegesRequired": "HIGH",
                        "scope": "UNCHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-426",
                            "description": "CWE-426 Untrusted Search Path",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
                "shortName": "CERT-In",
                "dateUpdated": "2024-09-23T11:19:05.925Z"
            },
            "references": [
                {
                    "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081"
                }
            ],
            "solutions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "Upgrade to AppSamvid version 2.0.2 or later.<br><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://cdac.in/index.aspx?id=cs_eps_appsamvid\">https://cdac.in/index.aspx?id=cs_eps_appsamvid</a><br>"
                        }
                    ],
                    "value": "Upgrade to AppSamvid version 2.0.2 or later.\n\n https://cdac.in/index.aspx?id=cs_eps_appsamvid"
                }
            ],
            "source": {
                "discovery": "UNKNOWN"
            },
            "title": "Dynamic Link Library (DLL) Hijacking Vulnerability in CDAC AppSamvid Software",
            "x_generator": {
                "engine": "Vulnogram 0.2.0"
            }
        },
        "adp": [
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-01T23:36:21.613Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            },
            {
                "affected": [
                    {
                        "vendor": "cdac",
                        "product": "appsamvid_software",
                        "cpes": [
                            "cpe:2.3:a:cdac:appsamvid_software:*:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "0",
                                "status": "affected",
                                "lessThanOrEqual": "2.0.1",
                                "versionType": "custom"
                            }
                        ]
                    }
                ],
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-03-06T16:51:32.411086Z",
                                "id": "CVE-2024-25103",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "total"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-08-29T13:31:27.346Z"
                }
            }
        ]
    }
}