ZUSO Generation 如梭世代

ZUSOART ID

ZA-2024-11

CVE ID

CVE-2024-52958

Vulnerability Type

CWE-347: Improper Verification of Cryptographic Signature

CVSS 4.0 Base

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H(9.3)

Description

A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.

Vendor

Galaxy Software Services Corporation

Product

Category	Version affected
iota C.ai Conversational Platform	from 1.0.0 through 2.1.3

Product Support

Update iota C.ai Conversational Platform to 2.2.0.
Contact Galaxy Software Services Corporation for version updates.

Release date

2024/11/27

Credit

Jian You Chen (Jeremy Chen) of ZUSO ART

Vulnerability reporting

iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature