CVE-2022-35222

EPSS 0.07%
Veröffentlicht 02.08.2022 16:15:10
Zuletzt bearbeitet 21.11.2024 07:10:55
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hinet ≫ Hicos Natural Person Credential Component Client Version3.0.3.30306 SwPlatformlinux

Hinet ≫ Hicos Natural Person Credential Component Client Version3.0.3.30404 SwPlatformmacos

Hinet ≫ Hicos Natural Person Credential Component Client Version3.1.0.00002 SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.216

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-35222

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-35222

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-35222

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-35222