CVE-2021-22860

EIC e-document system - Broken Authentication

CVSS 9.8 CRITICALEPSS 2.6%

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.8EPSS 2.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 mar 2021Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Excellent Infotek Corporation · e-document system

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://gist.github.com/tonykuo76/17d497b3472a80a5e8914227e81e6fa3 https://www.chtsecurity.com/news/12929036-924b-4b89-8a0e-3e7155e19011 https://www.twcert.org.tw/tw/cp-132-4518-c813c-1.html