← back
CVE-2020-25842

CHANGING Inc. NHIServiSignAdapter Windows Versions - Arbitrary File Access

CVSS 7.5 HIGHEPSS 0.5%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Dec 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
CHANGING Inc. · NHIServiSignAdapter

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/tw/cp-132-4270-72392-1.html