PT-2022-8392 · Hicos · Hicos Citizen Certificate Client-Side

Cyku Hong

Published

2022-03-01

Updated

2022-03-10

CVE-2020-12775

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Hicos citizen certificate client-side component (affected versions not specified)

Description The Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this issue to perform a command injection attack, allowing the execution of arbitrary system commands, disruption of the system, or termination of services.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-12775

Affected Products

Hicos Citizen Certificate Client-Side

PT-2022-8392 · Hicos · Hicos Citizen Certificate Client-Side

CVE-2020-12775

Weakness Enumeration

Related Identifiers

Affected Products

References · 6