CVE-2024-39342 is a vulnerability in Entrust Instant Financial Issuance software versions 6.8.x and earlier through 6.10.0, involving insecure cryptographic practices within the DCG.Security.dll library. This DLL implements a custom AES encryption scheme that relies on static, hard-coded cryptographic keys rather than generating unique keys per installation. This design flaw significantly weakens the encryption, making it susceptible to straightforward decryption attacks. The vulnerability becomes more critical when combined with CVE-2024-39341, which exposes an encrypted password stored in the "WebAPI.cfg.xml" configuration file. An attacker who can access this file and the DLL can decrypt sensitive information easily, enabling privilege escalation on the Windows host running the software. The vulnerability is classified under CWE-269 (Improper Privilege Management), indicating that it can lead to unauthorized privilege gains. The CVSS 3.1 base score is 6.6, reflecting a medium severity with local attack vector, low attack complexity, requiring privileges but no user interaction, and impacts confidentiality (low), integrity (high), and availability (low). No patches are currently linked, and no known exploits have been reported in the wild, but the risk remains significant due to the potential for privilege escalation in financial issuance environments.

The primary impact of CVE-2024-39342 is unauthorized privilege escalation on Windows hosts running Entrust Instant Financial Issuance software. Attackers with limited access can leverage the static encryption keys and exposed encrypted passwords to decrypt sensitive credentials or configuration data, potentially gaining administrative or system-level privileges. This can lead to unauthorized modifications, data breaches, or disruption of financial issuance processes. Given the software's role in instant financial card issuance, exploitation could compromise the integrity of financial transactions and sensitive customer data. The medium CVSS score reflects moderate risk, but the financial sector's sensitivity elevates the potential damage. Organizations worldwide using affected Entrust versions risk operational disruption, regulatory non-compliance, and reputational damage if exploited.

1. Immediate mitigation should include restricting access to the "WebAPI.cfg.xml" configuration file and the DCG.Security.dll library to trusted administrators only, minimizing the risk of local attackers obtaining encrypted passwords and DLL files. 2. Implement file system permissions and monitoring to detect unauthorized access attempts to these sensitive files. 3. If possible, upgrade to a newer Entrust Instant Financial Issuance version where this vulnerability is addressed or contact Entrust support for patches or workarounds. 4. Consider deploying application whitelisting and endpoint detection and response (EDR) solutions to detect suspicious privilege escalation attempts. 5. Conduct regular audits of user privileges and remove unnecessary local access rights to limit the attack surface. 6. Employ network segmentation to isolate systems running Entrust software from less trusted network zones. 7. Monitor logs for unusual activity indicative of privilege escalation or unauthorized decryption attempts. 8. Educate system administrators about this vulnerability and ensure they follow secure configuration best practices.