Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2022-03-01T01:55:17.625028Z
Updated: 2024-09-16T22:35:31.057Z
Reserved: 2020-05-11T00:00:00
Link: CVE-2020-12775
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-01T02:15:07.213
Modified: 2024-11-21T05:00:16.097
Link: CVE-2020-12775
Redhat
No data.