1 vulnerability by tssservisignadapter_project
CVE-2021-37909 (GCVE-0-2021-37909)
Vulnerability from cvelistv5 – Published: 2021-09-15 19:10 – Updated: 2024-09-17 00:42
Title
CHANGING Inc. TSSServiSignAdapter Windows Versions - Improper Input Validation
Summary
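The WriteRegistry function in the TSSServiSign component does not filter and verify users’ input, so remote attackers can write to the registry without permission and thereby perform hijacking attacks to execute arbitrary code. (Per the record's solutions field, the remediation is to update to version 1.0.21.0520.)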
Severity
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CHANGING Inc. | TSSServiSignAdapter | Affected: unspecified, ≤ 1.0.20.0316 (custom) | |
Date Public
2021-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "TSSServiSignAdapter",
"vendor": "CHANGING Inc.",
"versions": [
{
"lessThanOrEqual": "1.0.20.0316",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WriteRegistry function in TSSServiSign component does not filter and verify users\u2019 input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-15T19:10:22.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.0.21.0520"
}
],
"source": {
"advisory": "TVN-202105006",
"discovery": "EXTERNAL"
},
"title": "CHANGING Inc. TSSServiSignAdapter Windows Versions - Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-09-15T19:04:00.000Z",
"ID": "CVE-2021-37909",
"STATE": "PUBLIC",
"TITLE": "CHANGING Inc. TSSServiSignAdapter Windows Versions - Improper Input Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TSSServiSignAdapter",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "1.0.20.0316"
}
]
}
}
]
},
"vendor_name": "CHANGING Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WriteRegistry function in TSSServiSign component does not filter and verify users\u2019 input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.0.21.0520"
}
],
"source": {
"advisory": "TVN-202105006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-37909",
"datePublished": "2021-09-15T19:10:22.691Z",
"dateReserved": "2021-08-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:42:01.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}