CVE-2020-3925

Description

A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

Changing / ServiSign Windows versions0 – 1.0.19.0617

References

MISChttps://tvn.twcert.org.tw/taiwanvn/TVN-201910005
MISChttps://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce