Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-24694

Summary
Assigner-Zoom
Assigner Org ID-99b9af0d-a833-4a5d-9e2f-8b1324f35351
Published At-09 Apr, 2024 | 17:13
Updated At-20 Sep, 2024 | 14:41
Rejected At-
Credits

Zoom Desktop Client for Windows - Improper Privilege Management

Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zoom
Assigner Org ID:99b9af0d-a833-4a5d-9e2f-8b1324f35351
Published At:09 Apr, 2024 | 17:13
Updated At:20 Sep, 2024 | 14:41
Rejected At:
▼CVE Numbering Authority (CNA)
Zoom Desktop Client for Windows - Improper Privilege Management

Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Affected Products
Vendor
Zoom Communications, Inc.Zoom Video Communications, Inc.
Product
Zoom Desktop Client for Windows
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • before version 5.17.10
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347 Improper Verification of Cryptographic Signature
Type: CWE
CWE ID: CWE-347
Description: CWE-347 Improper Verification of Cryptographic Signature
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zoom.com/en/trust/security-bulletin/zsb-24011/
N/A
Hyperlink: https://www.zoom.com/en/trust/security-bulletin/zsb-24011/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zoom.com/en/trust/security-bulletin/zsb-24011/
x_transferred
Hyperlink: https://www.zoom.com/en/trust/security-bulletin/zsb-24011/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Zoom Communications, Inc.zoom
Product
workplace_desktop
CPEs
  • cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 5.17.10 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@zoom.us
Published At:09 Apr, 2024 | 18:15
Updated At:31 Jul, 2025 | 20:26

Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.9MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Zoom Communications, Inc.
zoom
>>zoom>>Versions before 5.7.10(exclusive)
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-347Secondarysecurity@zoom.us
CWE ID: CWE-347
Type: Secondary
Source: security@zoom.us
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zoom.com/en/trust/security-bulletin/zsb-24011/security@zoom.us
Vendor Advisory
https://www.zoom.com/en/trust/security-bulletin/zsb-24011/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.zoom.com/en/trust/security-bulletin/zsb-24011/
Source: security@zoom.us
Resource:
Vendor Advisory
Hyperlink: https://www.zoom.com/en/trust/security-bulletin/zsb-24011/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

73Records found
CVE-2021-26391
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.07%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:44
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-radeon_rx_5500mradeon_rx_5700radeon_rx_6800mryzen_5_5600hsradeon_pro_w6600mryzen_5_5600hs_firmwareryzen_7_5700ge_firmwareradeon_rx_vega_56_firmwareradeon_rx_6300mryzen_9_5980hsradeon_rx_6750_xtradeon_pro_w5700xradeon_rx_6800radeon_pro_w6800ryzen_3_5300geryzen_5_5560u_firmwareryzen_5_5600ge_firmwareradeon_pro_w5500xradeon_rx_6600sryzen_5_5600gryzen_7_5800h_firmwareradeon_pro_w6600radeon_rx_6650m_xtradeon_pro_w6900xryzen_9_5900hx_firmwareryzen_7_5700g_firmwareradeon_rx_6800sryzen_3_5300gryzen_7_5800hradeon_rx_6950_xtryzen_9_5980hx_firmwareradeon_rx_6700mradeon_rx_5300ryzen_5_5600u_firmwareradeon_rx_6700_xtradeon_rx_5300mryzen_3_5300uryzen_5_5500uradeon_rx_vega_56ryzen_9_5900hs_firmwareradeon_rx_6800_xtradeon_pro_w6800xryzen_3_5400uryzen_5_5600g_firmwareradeon_rx_6400radeon_rx_5700mradeon_rx_5500_xtryzen_7_5800hs_firmwareradeon_pro_w6300mradeon_rx_6650_xtradeon_softwareradeon_pro_w5500ryzen_7_5700uryzen_9_5900hxradeon_rx_6500_xtradeon_rx_vega_64radeon_rx_5600radeon_rx_5600_xtryzen_5_5560uryzen_3_5400u_firmwareryzen_9_5980hs_firmwareradeon_pro_w5700ryzen_5_5600h_firmwareradeon_rx_6900_xtradeon_rx_5300_xtradeon_rx_5500ryzen_5_5600geradeon_pro_w6400radeon_rx_6500mryzen_3_5300ge_firmwareryzen_7_5800uryzen_3_5300g_firmwareradeon_rx_vega_64_firmwareryzen_7_5700gradeon_rx_6600_xtradeon_rx_6600mryzen_5_5500u_firmwareryzen_9_5980hxradeon_pro_w6800x_duoradeon_pro_softwareradeon_rx_5700_xtryzen_7_5800hsryzen_5_5600uradeon_rx_6700ryzen_7_5700u_firmwareradeon_rx_5600mradeon_rx_6700sradeon_rx_6650mryzen_3_5300u_firmwareenterprise_driverryzen_7_5800u_firmwareradeon_rx_6600ryzen_9_5900hsryzen_5_5600hradeon_rx_6850m_xtradeon_pro_w6600xryzen_7_5700geradeon_pro_w6500mAMD Radeon RX 5000 Series & PRO W5000 SeriesAMD Radeon RX 6000 Series & PRO W6000 Series
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-1366
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.80% / 73.07%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 16:55
Updated-08 Nov, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-anyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-41669
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7||HIGH
EPSS-0.03% / 5.76%
||
7 Day CHG~0.00%
Published-04 Nov, 2022 | 00:00
Updated-02 May, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Action-Not Available
Vendor-Schneider Electric SE
Product-ecostruxure_operator_terminal_expertpro-face_bluePro-face BLUEEcoStruxure Operator Terminal Expert
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-34459
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.05%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 04:28
Updated-27 Mar, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-49413
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.1||HIGH
EPSS-0.03% / 8.44%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 05:47
Updated-10 Feb, 2025 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-47476
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 09:59
Updated-03 Feb, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-networker_management_consoleNetWorker Management Consolenetworker_management_console
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-28796
Matching Score-4
Assigner-Zscaler, Inc.
ShareView Details
Matching Score-4
Assigner-Zscaler, Inc.
CVSS Score-7.1||HIGH
EPSS-0.01% / 1.16%
||
7 Day CHG~0.00%
Published-23 Oct, 2023 | 13:28
Updated-27 Feb, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IPC Bypass Through PLT Section in ELF

Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.

Action-Not Available
Vendor-Zscaler, Inc.
Product-client_connectorClient Connector
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-2790
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.19%
||
7 Day CHG+0.02%
Published-19 Aug, 2022 | 22:32
Updated-16 Apr, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).

Action-Not Available
Vendor-emersonEmerson Electric
Product-electric\'s_proficyProficy Machine Edition
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-41744
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.14%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 15:14
Updated-01 Oct, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.

Action-Not Available
Vendor-Apple Inc.Acronis (Acronis International GmbH)
Product-cyber_protectmacosagentAcronis AgentAcronis Cyber Protect 15cyber_protectagent
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-28045
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.98%
||
7 Day CHG~0.00%
Published-01 Nov, 2020 | 17:39
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in the kernel prior to ELF execution. Shared libraries, however, do not need to be signed, and they are not verified. An attacker may execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD.

Action-Not Available
Vendor-paxn/a
Product-prolinosn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-38418
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.42%
||
7 Day CHG~0.00%
Published-02 Aug, 2023 | 15:55
Updated-17 Oct, 2024 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Edge Client for macOS vulnerability

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-access_policy_manager_clientsbig-ip_access_policy_managerBIG-IP Edge Client
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-24115
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.69%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-16 Sep, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation due to unrestricted loading of unsigned libraries

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287

Action-Not Available
Vendor-Apple Inc.Acronis (Acronis International GmbH)
Product-true_imagecyber_protect_home_officemacosAcronis Cyber Protect Home OfficeAcronis True Image 2021
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-1464
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.83% / 90.18%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:13
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.
Windows Spoofing Vulnerability

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_8.1windows_server_2008windows_server_1909windows_rt_8.1windows_server_2012windows_server_2019windows_10_1709windows_7windows_10_1607windows_server_2016windows_10_1803windows_10_1909windows_10_1507windows_server_1903windows_10_1809windows_10_1903windows_10_2004windows_server_2004Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1803Windows Server 2019Windows 10 Version 1909Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows 10 Version 1903 for x64-based SystemsWindows Server, version 1909 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 7 Service Pack 1Windows Server 2016 (Server Core installation)Windows 7Windows 10 Version 1709Windows 10 Version 2004Windows 10 Version 1903 for ARM64-based SystemsWindows Server version 2004Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-10608
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.47%
||
7 Day CHG~0.00%
Published-24 Jul, 2020 | 22:46
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification.

Action-Not Available
Vendor-osisoftn/a
Product-pi_data_collection_managerpi_data_archivepi_integratorpi_connector_relaypi_interface_configuration_utilitypi_to_ocspi_apipi_buffer_subsystempi_connectorOSIsoft PI System multiple products and versions
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-35039
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.58%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 00:57
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-36277
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. A local authenticated malicious user may exploit this vulnerability by executing arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_center_applicationcommand_\|_updateupdate\/alienware_updateAlienware Command Center (AWCC)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2002-1796
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.24%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.

Action-Not Available
Vendor-n/aHP Inc.
Product-chaivm_ezloaderlaserjet_8150laserjet_4550laserjet_4100laserjet_4500n/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-4418
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 09:56
Updated-22 Jan, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)
Product-windowscyber_protect_home_officeAcronis Cyber Protect Home Office
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-10575
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.80%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wlan binary which is not signed with OEMs RoT is working on secure device without authentication failure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SDM850

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm850sda845_firmwaresdm845sda845sdm845_firmwareSnapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-10562
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.22%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MSM8998, Nicobar, QCS404, QCS605, QCS610, Rennell, SA415M, SA6155P, SC7180, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwarekamorta_firmwaresa6155p_firmwareqcs610sdm636_firmwaresdm845msm8998_firmwaresdm660sdx24sdm630qcs404_firmwaresm8250_firmwaresa415m_firmwaresm7150_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150sa6155psdm670qcs610_firmwaresxr2130qcs605_firmwareipq6018sdm670_firmwareqcs404sdx24_firmwaresm8150_firmwaresxr2130_firmwaresdm636sda845_firmwarerennellsa415msc7180sdm630_firmwaresda660_firmwarerennell_firmwareipq6018_firmwareqcs605sdx55sm6150_firmwaresm8250msm8998sm8150sdm850sda660kamortasdx55_firmwaresxr1130_firmwarenicobar_firmwaresxr1130sdm660_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-20206
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 16:14
Updated-22 Jul, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability

A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system.

Action-Not Available
Vendor-Microsoft CorporationCisco Systems, Inc.
Product-windowssecure_clientCisco Secure Client
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-41666
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7||HIGH
EPSS-0.05% / 15.05%
||
7 Day CHG~0.00%
Published-04 Nov, 2022 | 00:00
Updated-02 May, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Action-Not Available
Vendor-Schneider Electric SE
Product-ecostruxure_operator_terminal_expertpro-face_bluePro-face BLUEEcoStruxure Operator Terminal Expert
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-23967
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.28%
||
7 Day CHG~0.00%
Published-08 Mar, 2021 | 14:34
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.

Action-Not Available
Vendor-drwebn/a
Product-security_spacen/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
  • Previous
  • 1
  • 2
  • Next
Details not found