go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Changing Information Technology Inc. RAVA certificate validation system - Command Injection

TVN ID TVN-202209013
CVE ID CVE-2022-39057
CVSS 7.2 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products Changing Information Technology Inc. RAVA certificate validation system v3
Description Changingtec RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service.
Solution Contact tech support from Changing
Credit Amos Tsai蔡啟仁 (Acer Cyber Security Inc., ACSI)
Public Date 2022-10-18

Links

  1. CVE-2022-39057
Top