CVE-2024-25140 (GCVE-0-2024-25140)

Vulnerability from cvelistv5 – Published: 2024-02-06 00:00 – Updated: 2024-08-29 17:56 Disputed
VLAI?
Summary
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:36:21.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=39256493"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rustdesk/rustdesk/discussions/6444"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://serverfault.com/questions/837994"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:rustdesk:rustdesk:1.2.3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rustdesk",
            "vendor": "rustdesk",
            "versions": [
              {
                "status": "affected",
                "version": "1.2.3"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-25140",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T17:50:30.872844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T17:56:43.389Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor\u0027s position is \"we do not have EV cert, so we use test cert as a workaround.\" Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-06T08:21:43.197901",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://news.ycombinator.com/item?id=39256493"
        },
        {
          "url": "https://github.com/rustdesk/rustdesk/discussions/6444"
        },
        {
          "url": "https://serverfault.com/questions/837994"
        }
      ],
      "tags": [
        "disputed"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-25140",
    "datePublished": "2024-02-06T00:00:00",
    "dateReserved": "2024-02-06T00:00:00",
    "dateUpdated": "2024-08-29T17:56:43.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rustdesk:rustdesk:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7967159-D276-41AA-AB79-5230D05B1E11\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "cveTags": "[{\"sourceIdentifier\": \"cve@mitre.org\", \"tags\": [\"disputed\"]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor\u0027s position is \\\"we do not have EV cert, so we use test cert as a workaround.\\\" Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.\"}, {\"lang\": \"es\", \"value\": \"Una instalaci\\u00f3n predeterminada de RustDesk 1.2.3 en Windows coloca un certificado WDKTestCert bajo Autoridades de certificaci\\u00f3n ra\\u00edz confiables con uso de clave mejorado de firma de c\\u00f3digo (1.3.6.1.5.5.7.3.3), v\\u00e1lido desde 2023 hasta 2033. Esto es potencialmente no deseado, por ejemplo , porque no existe documentaci\\u00f3n p\\u00fablica sobre las medidas de seguridad para la clave privada, y se podr\\u00eda firmar software arbitrario si la clave privada se viera comprometida. NOTA: la posici\\u00f3n del proveedor es \\\"no tenemos un certificado EV, por lo que utilizamos el certificado de prueba como workaround\\\". La inserci\\u00f3n en autoridades de certificaci\\u00f3n ra\\u00edz de confianza era el comportamiento previsto originalmente y la interfaz de usuario garantizaba que el paso de instalaci\\u00f3n del certificado (marcado de forma predeterminada) fuera visible para el usuario antes de continuar con la instalaci\\u00f3n del producto.\"}]",
      "id": "CVE-2024-25140",
      "lastModified": "2024-11-21T09:00:19.800",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-02-06T09:15:52.827",
      "references": "[{\"url\": \"https://github.com/rustdesk/rustdesk/discussions/6444\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=39256493\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://serverfault.com/questions/837994\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Technical Description\"]}, {\"url\": \"https://github.com/rustdesk/rustdesk/discussions/6444\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=39256493\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://serverfault.com/questions/837994\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Technical Description\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-25140\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-02-06T09:15:52.827\",\"lastModified\":\"2024-11-21T09:00:19.800\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor\u0027s position is \\\"we do not have EV cert, so we use test cert as a workaround.\\\" Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.\"},{\"lang\":\"es\",\"value\":\"Una instalaci\u00f3n predeterminada de RustDesk 1.2.3 en Windows coloca un certificado WDKTestCert bajo Autoridades de certificaci\u00f3n ra\u00edz confiables con uso de clave mejorado de firma de c\u00f3digo (1.3.6.1.5.5.7.3.3), v\u00e1lido desde 2023 hasta 2033. Esto es potencialmente no deseado, por ejemplo , porque no existe documentaci\u00f3n p\u00fablica sobre las medidas de seguridad para la clave privada, y se podr\u00eda firmar software arbitrario si la clave privada se viera comprometida. NOTA: la posici\u00f3n del proveedor es \\\"no tenemos un certificado EV, por lo que utilizamos el certificado de prueba como workaround\\\". La inserci\u00f3n en autoridades de certificaci\u00f3n ra\u00edz de confianza era el comportamiento previsto originalmente y la interfaz de usuario garantizaba que el paso de instalaci\u00f3n del certificado (marcado de forma predeterminada) fuera visible para el usuario antes de continuar con la instalaci\u00f3n del producto.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustdesk:rustdesk:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7967159-D276-41AA-AB79-5230D05B1E11\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://github.com/rustdesk/rustdesk/discussions/6444\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=39256493\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://serverfault.com/questions/837994\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Technical Description\"]},{\"url\":\"https://github.com/rustdesk/rustdesk/discussions/6444\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=39256493\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://serverfault.com/questions/837994\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Technical Description\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://news.ycombinator.com/item?id=39256493\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/rustdesk/rustdesk/discussions/6444\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://serverfault.com/questions/837994\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:36:21.656Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-25140\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-29T17:50:30.872844Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:rustdesk:rustdesk:1.2.3:*:*:*:*:*:*:*\"], \"vendor\": \"rustdesk\", \"product\": \"rustdesk\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.2.3\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295 Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-29T17:54:03.168Z\"}}], \"cna\": {\"tags\": [\"disputed\"], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://news.ycombinator.com/item?id=39256493\"}, {\"url\": \"https://github.com/rustdesk/rustdesk/discussions/6444\"}, {\"url\": \"https://serverfault.com/questions/837994\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor\u0027s position is \\\"we do not have EV cert, so we use test cert as a workaround.\\\" Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-02-06T08:21:43.197901\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-25140\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-29T17:56:43.389Z\", \"dateReserved\": \"2024-02-06T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-02-06T00:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.