CVE-2024-12839

HIGH EPSS 47.6%

Published Dec 31, 20241y ago · Modified Jun 17, 20261w ago

8.8 CVSS 3.1

High

Published Dec 31, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote attacker who obtains this signature can use it to log into the system with any device.

CVSS Details

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

47.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-294

References 2

twcert.org.tw https://www.twcert.org.tw/en/cp-139-8335-e4a3f-2.html
twcert.org.tw https://www.twcert.org.tw/tw/cp-132-8334-8b836-1.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.