Vulnerabilities > CVE-2023-48387 - Unspecified vulnerability in Twca Jcicsecuritytool 4.2.3.32

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

twca

NVD

Published: 2023-12-15

Updated: 2024-11-21

Summary

TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Twca Twca Jcicsecuritytool 4.2.3.32	1

References

https://www.twcert.org.tw/tw/cp-132-7602-a47a2-1.html
https://www.twcert.org.tw/tw/cp-132-7602-a47a2-1.html