PT-2023-30811 · Unknown · Jcicsecuritytool

Angelboy · Published 2023-12-15 · Updated 2024-10-14 · CVE-2023-48387

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

JCICSecurityTool (affected versions not specified)

Description

The issue arises from the JCICSecurityTool's failure to check the source website and access locations when executing multiple Registry-related functions. If a user who has completed identity verification browses a malicious webpage, an attacker can exploit this to read or modify any registry file under HKEY_CURRENT_USER, achieving remote code execution. The tool's Registry-related functions also have insufficient filtering for special characters, allowing an unauthenticated remote attacker to inject malicious scripts into a webpage.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-48387

Affected Products

Jcicsecuritytool