Lucene search

[email protected]CVE-2023-48387

HistoryDec 15, 2023 - 9:15 a.m.

CVE-2023-48387

2023-12-1509:15:08

CWE-79

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-48387

taiwan

twca

jcicsecuritytool

registry

filtering

special characters

remote attacker

malicious script

xss

cross-site scripting

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

JSON

TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.

Affected configurations

NVD

Node

twcajcicsecuritytoolMatch4.2.3.32

CPENameOperatorVersion
twca:jcicsecuritytooltwca jcicsecuritytooleq4.2.3.32

CPE	Name	Operator	Version
twca:jcicsecuritytool	twca jcicsecuritytool	eq	4.2.3.32

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "JCICSecurityTool",
    "vendor": "TAIWAN-CA(TWCA)",
    "versions": [
      {
        "status": "affected",
        "version": "4.2.3.32"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7602-a47a2-1.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVE-2023-48387

cvelist1 prion1 nvd1