CVE-2020-3925

A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.3 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
twcertCNA
8.3 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
changingtecservisign
𝑥
≤ 1.0.19.0617
𝑥
= Vulnerable software versions
References
https://tvn.twcert.org.tw/taiwanvn/TVN-201910005
https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce
https://tvn.twcert.org.tw/taiwanvn/TVN-201910005
https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce