PT-2024-35499 · Unknown · Iota C.Ai Conversational Platform

Jeremy Chen +1 · Published 2024-11-27 · Updated 2026-03-06 · CVE-2024-52958

CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H
Name of the Vulnerable Software and Affected Versions: iota C.ai Conversational Platform versions 1.0.0 through 2.1.3

Description: The platform's plugin management does not properly verify the cryptographic signature of uploaded plugins. A remote, authenticated user can therefore use the upload plugin function to submit a malicious DLL that the platform then loads. The number of potentially affected installations has not been specified, and no real-world exploitation of this issue has been reported.

Recommendations: For versions 1.0.0 through 2.1.3, update to a release that fixes the improper verification of cryptographic signature in plugin management. Until a patch is applied, consider disabling the plugin upload function, and restrict access to the plugin management module to reduce the risk of exploitation.
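A defender's reference for the weakness described above, added here as an example and not code from iota or from this advisory: a plugin-upload check that refuses any DLL whose Ed25519 signature does not verify under a pinned publisher key, which is the check the vulnerable plugin management lacked. The upload format, key handling and names (PluginUpload, VerifyPlugin, SignPlugin) are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PluginUpload is a constructed, hypothetical upload format (not iota's own): plugin bytes plus a detached Ed25519 signature.
type PluginUpload struct {
	Name      string
	Payload   []byte // the DLL bytes as uploaded
	Signature []byte // Ed25519 signature over digest(Name, Payload)
}

var ErrBadSignature = errors.New("plugin signature verification failed")

// digest binds the signature to both the plugin name and its contents,
// so a valid signature cannot be re-used for a renamed or altered file.
func digest(name string, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write([]byte{0}) // separator: name and payload would be length-ambiguous otherwise
	h.Write(payload)
	return h.Sum(nil)
}

// VerifyPlugin must run before an upload is written to the plugin directory or
// loaded: only uploads signed by the pinned publisher key pass.
func VerifyPlugin(pub ed25519.PublicKey, up PluginUpload) error {
	if len(pub) != ed25519.PublicKeySize || len(up.Signature) != ed25519.SignatureSize ||
		!ed25519.Verify(pub, digest(up.Name, up.Payload), up.Signature) {
		return ErrBadSignature
	}
	return nil
}

// SignPlugin is the publisher-side counterpart, used here only to build a valid upload.
func SignPlugin(priv ed25519.PrivateKey, name string, payload []byte) PluginUpload {
	return PluginUpload{Name: name, Payload: payload, Signature: ed25519.Sign(priv, digest(name, payload))}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader = crypto/rand
	up := SignPlugin(priv, "echo.dll", []byte("MZ... constructed plugin bytes"))
	fmt.Println("genuine:", VerifyPlugin(pub, up)) // <nil>
	up.Payload = append(up.Payload, '!')            // tamper after signing
	fmt.Println("tampered:", VerifyPlugin(pub, up)) // plugin signature verification failed
}
```

In a real deployment the publisher key is pinned in configuration rather than generated at start-up, and the upload is discarded, not merely logged, when VerifyPlugin returns an error.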

Fix

Weakness Enumeration: Improper Verification of Cryptographic Signature

Related Identifiers: CVE-2024-52958

Affected Products: Iota C.Ai Conversational Platform