Vulnerabilities > CVE-2023-48387 - Improper Verification of Source of a Communication Channel vulnerability in Twca Jcicsecuritytool 4.2.3.32

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

twca

CWE-940

NVD

Published: 2023-12-15

Updated: 2024-10-14

Summary

TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Twca Twca Jcicsecuritytool 4.2.3.32	1

Common Weakness Enumeration (CWE)

CWE-940 - Improper Verification of Source of a Communication Channel

References

https://www.twcert.org.tw/tw/cp-132-7602-a47a2-1.html