Vulnerability Details CVE-2019-13028
An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://www.csirt.gov.sk/aktualne-7d7.html?id=194
- https://www.csirt.gov.sk/doc/eid_klient_tlacova_sprava.pdf
- https://www.minv.sk/?tlacove-spravy&sprava=pouzivatelom-e-sluzieb-automaticky-aktualizujeme-aplikaciu-pre-elektronicky-obciansky-preukaz
- https://www.csirt.gov.sk/aktualne-7d7.html?id=194
- https://www.csirt.gov.sk/doc/eid_klient_tlacova_sprava.pdf
- https://www.minv.sk/?tlacove-spravy&sprava=pouzivatelom-e-sluzieb-automaticky-aktualizujeme-aplikaciu-pre-elektronicky-obciansky-preukaz
Products affected by CVE-2019-13028
-
cpe:2.3:a:minv:electronic_identification_cards_client:2.0.0
-
cpe:2.3:a:minv:electronic_identification_cards_client:2.0.2
-
cpe:2.3:a:minv:electronic_identification_cards_client:3.0.0
-
cpe:2.3:a:minv:electronic_identification_cards_client:3.0.2