CVE-2023-48387
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-48387 is a newly discovered vulnerability affecting TAIWAN-CA(TWCA) JCICSecurityTool. The issue lies in the software's failure to verify the source of websites and access locations when executing certain Registry-related functions. An attacker can exploit this vulnerability by creating a malicious webpage. If a user, who has already completed identity verification, visits this malicious page while using the JCICSecurityTool, the attacker can gain the ability to read or modify any registry file under HKEY_CURRENT_USER, ultimately resulting in remote code execution.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- TWCA
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions