Lucene search

TwcertCVELIST:CVE-2020-25845

HistoryDec 31, 2020 - 7:45 a.m.

CVE-2020-25845 CHANGING Inc. NHIServiSignAdapter Windows Versions - Information Leakage -1

2020-12-3107:45:47

twcert

www.cve.org

cve-2020-25845

changing inc.

nhiservisignadapter

information leakage

smb request

malicious host

user's credential

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.3%

JSON

Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user’s credential.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "NHIServiSignAdapter",
    "vendor": "CHANGING Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.20.0218"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-4273-24e01-1.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.3%

JSON

Related for CVELIST:CVE-2020-25845