Lucene search

TwcertCVELIST:CVE-2020-25842

HistoryDec 31, 2020 - 7:45 a.m.

CVE-2020-25842 CHANGING Inc. NHIServiSignAdapter Windows Versions - Arbitrary File Access

2020-12-3107:45:45

twcert

www.cve.org

nhiservisignadapter

encryption

vulnerability

file access

remote attacker

arbitrary files

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

72.8%

JSON

The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "NHIServiSignAdapter",
    "vendor": "CHANGING Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.20.0218"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-4270-72392-1.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

72.8%

JSON

Related for CVELIST:CVE-2020-25842