Unknown · iota C.ai Conversational Platform · CVE-2024-52958
Name of the Vulnerable Software and Affected Versions:
iota C.ai Conversational Platform versions 1.0.0 through 2.1.3
Description:
Plugin management in the affected versions improperly verifies cryptographic signatures. As a result, a remote authenticated user can load a malicious DLL through the upload plugin function. The estimated number of potentially affected devices is not specified, and there is no information about real-world incidents in which this issue was exploited.
Recommendations:
For versions 1.0.0 through 2.1.3, update to a version that fixes the improper verification of cryptographic signatures in plugin management.
As a temporary workaround, consider disabling the plugin upload function until a patch is available.
Restrict access to the plugin management module to minimize the risk of exploitation.