← Voltar para CVEs

CVE-2020-12775

CRITICAL

9.8

Descricao

Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado3/1/2022

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

moica:hicos

Fraquezas (CWE)

CWE-78CWE-78

Referencias

https://moica.nat.gov.tw/rac_plugin.html(twcert@cert.org.tw)

https://www.twcert.org.tw/tw/cp-132-5695-421a7-1.html(twcert@cert.org.tw)

https://moica.nat.gov.tw/rac_plugin.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.twcert.org.tw/tw/cp-132-5695-421a7-1.html(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.