ChangingTec MegaServiSignAdapter - Improper Input Validation

Vulnerability

The ChangingTech MegaServiSignAdapter component on Windows version 1.0.17.0823 suffers from an improper input validation vulnerability [1]. The specific functionality does not filter or validate parameter values passed to it, allowing an unauthenticated remote attacker to write to HKEY_CURRENT_USER subkeys, such as AutoRUN [1]. This affects the MegaServiSignAdapter Windows component up to version 1.0.17.0823 [1].

Exploitation

No authentication or user interaction is required; the attacker only needs network access to the vulnerable system [1]. By sending a crafted request with malicious input to the unvalidated parameter, the attacker can write arbitrary registry entries under HKEY_CURRENT_USER [1]. This can be done remotely without any prior privileges [1].

Impact

Successful exploitation allows the attacker to execute malicious scripts via the registry key (e.g., AutoRUN), potentially gaining control of the system or terminating critical services [1]. The CVSS v3.1 score is 9.8 (Critical), reflecting full compromise of confidentiality, integrity, and availability [1].

Mitigation

The vendor released a fix in version v1.0.22.1004 of MegaServiSignAdapter for Windows [1]. Users should update to this patched version to remediate the vulnerability. No workarounds are mentioned in the reference.