CVE-2020-3925

Sažetak

A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.

Reference

https://tvn.twcert.org.tw/taiwanvn/TVN-201910005
https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

12-02-2020 - 14:55

Objavljeno

03-02-2020 - 11:15