Vulnerability Details CVE-2023-48387
TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.6%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-48387
-
cpe:2.3:a:twca:jcicsecuritytool:4.2.3.32