CVE-2019-13028

An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
minvelectronic_identification_cards_client
𝑥
< 3.0.3
minvelectronic_identification_cards_client
𝑥
< 3.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.csirt.gov.sk/aktualne-7d7.html?id=194
https://www.csirt.gov.sk/doc/eid_klient_tlacova_sprava.pdf
https://www.minv.sk/?tlacove-spravy&sprava=pouzivatelom-e-sluzieb-automaticky-aktualizujeme-aplikaciu-pre-elektronicky-obciansky-preukaz
https://www.csirt.gov.sk/aktualne-7d7.html?id=194
https://www.csirt.gov.sk/doc/eid_klient_tlacova_sprava.pdf
https://www.minv.sk/?tlacove-spravy&sprava=pouzivatelom-e-sluzieb-automaticky-aktualizujeme-aplikaciu-pre-elektronicky-obciansky-preukaz