CVE-2020-12775

Summary

Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service.

Affected Software

VendorProductVersion RangeStatus
Hicoscitizen certificate client-side componentunspecified <= 3.0.0affected
Hicoscitizen certificate client-side componentunspecified <= 1.3.4.12affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References