CVE-2024-13175: Vidco VOC TESTER Vulnerable to Authorization Bypass Through User-Controlled Key
A vulnerability has been identified in Vidco Software's VOC TESTER that could allow attackers to bypass authorization checks and potentially gain unauthorized access to sensitive information. This issue affects versions prior to 12.41.0.
Vulnerability Details
- CVE ID: CVE-2024-13175
- Description: The Vidco Software VOC TESTER is susceptible to an Authorization Bypass Through User-Controlled Key vulnerability, enabling Forceful Browsing. An attacker can potentially manipulate user-controlled keys to bypass authorization and access restricted resources.
- CVSS Score: 5.5 (Medium)
- CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- CVSS Explanation: This CVSS vector indicates that the vulnerability can be exploited locally with low privileges and does not require user interaction. Successful exploitation leads to high confidentiality impact (unauthorized information disclosure) but no impact on integrity or availability.
- Exploit Requirements: An attacker requires local access and low privileges to exploit this vulnerability.
- Affected Vendor: Vidco Software
- Affected Product: VOC TESTER
- Affected Version: Versions before 12.41.0
- CWE: CWE-639 - Authorization Bypass Through User-Controlled Key
- CWE Explanation: CWE-639 refers to a vulnerability where the application relies on a user-controlled key or parameter to make authorization decisions. An attacker can manipulate this key to bypass intended access controls.
Timeline of Events
- Report Date: Received
- Disclosure Date: 2025-07-18
Exploitability & Real-World Risk
The vulnerability can be exploited by an attacker with local access. An attacker may obtain that access through an existing foothold on the system or through social engineering. Successful exploitation can lead to unauthorized access to sensitive information, potentially impacting confidentiality.
Recommendations
- Upgrade: Upgrade to Vidco VOC TESTER version 12.41.0 or later.
- Access Controls: Review and strengthen access control mechanisms to prevent unauthorized access.
Technical Insight
The application likely uses a user-controlled key to determine access rights. By manipulating this key, an attacker can bypass the intended authorization checks, gaining access to resources they should not have.
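The CWE-639 pattern described above, as an added example rather than VOC TESTER code: a handler that trusts the client-supplied key, the same handler bound to the server-side session identity, and a regression check that lists cross-user reads. The report store, user names and function names are hypothetical.

```python
# Added illustration of CWE-639; not VOC TESTER code.
# Constructed sample store: report id -> owner and body (all hypothetical).
REPORTS = {
    "1001": {"owner": "alice", "body": "alice Q1 results"},
    "1002": {"owner": "bob", "body": "bob Q1 results"},
    "1003": {"owner": "alice", "body": "alice Q2 results"},
}


class Forbidden(Exception):
    """Raised when the session user may not read the requested record."""


def get_report_vulnerable(session_user, report_id):
    # CWE-639: the caller is logged in, but the client-supplied key alone
    # selects the record; session_user is never compared with the owner.
    return REPORTS[report_id]["body"]


def get_report_hardened(session_user, report_id):
    # Bind the lookup to the server-side session identity. Missing and
    # foreign records raise the same error, so ids cannot be enumerated.
    report = REPORTS.get(report_id)
    if report is None or report["owner"] != session_user:
        raise Forbidden(report_id)
    return report["body"]


def cross_user_leaks(handler, users):
    """Regression check: request every record as every non-owner and
    return the (user, report_id) pairs for which the handler answered."""
    leaks = []
    for user in users:
        for report_id, report in REPORTS.items():
            if report["owner"] == user:
                continue
            try:
                handler(user, report_id)
            except (Forbidden, KeyError):
                continue
            leaks.append((user, report_id))
    return sorted(leaks)


if __name__ == "__main__":
    print("vulnerable:", cross_user_leaks(get_report_vulnerable, ["alice", "bob"]))
    print("hardened:  ", cross_user_leaks(get_report_hardened, ["alice", "bob"]))
```

A check like `cross_user_leaks` belongs in the test suite of any endpoint that takes a record identifier from the client, so that a missing ownership comparison fails the build.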
Credit to Researcher(s)
This vulnerability was reported by USOM (iletisim@usom.gov.tr).
Summary: Vidco VOC TESTER versions before 12.41.0 are vulnerable to an authorization bypass via user-controlled keys, potentially allowing unauthorized access to sensitive information through forceful browsing. Upgrade to the latest version to mitigate this risk.
Risk Analysis: Successful exploitation can lead to unauthorized access to sensitive information, potentially compromising confidentiality.
Recommendation: Upgrade to Vidco VOC TESTER version 12.41.0 or later and review access control mechanisms.
Timeline
- 2025-07-18: CVE-2024-13175 Published