Vulnerability Details CVE-2022-35217
The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.1%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2022-35217
-
cpe:2.3:a:nhi:health_insurance_web_service_component:-
-
cpe:2.3:o:microsoft:windows:-