CVE-2023-48387
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TAIWAN-CA(TWCA) | JCICSecurityTool | 4.2.3.32 | affected |
Weaknesses
- CWE-940: CWE-940 Improper Verification of Source of a Communication Channel
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.