1 vulnerability by tssservisignadapter_project
CVE-2021-37909 (GCVE-0-2021-37909)
Vulnerability from cvelistv5 – Published: 2021-09-15 19:10 – Updated: 2024-09-17 00:42
Title
CHANGING Inc. TSSServiSignAdapter Windows Versions - Improper Input Validation
Summary
The WriteRegistry function in the TSSServiSign component does not filter or verify user input, so remote attackers can write to the registry without permission and thereby carry out hijacking attacks that execute arbitrary code. The record's solution field gives the remediation: update to version 1.0.21.0520.
Severity
9.8 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| CHANGING Inc. | TSSServiSignAdapter | Affected: unspecified, ≤ 1.0.20.0316 (custom), i.e. every version up to and including 1.0.20.0316; platform: Windows |
Date Public
2021-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "TSSServiSignAdapter",
"vendor": "CHANGING Inc.",
"versions": [
{
"lessThanOrEqual": "1.0.20.0316",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WriteRegistry function in TSSServiSign component does not filter and verify users\u2019 input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-15T19:10:22.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.0.21.0520"
}
],
"source": {
"advisory": "TVN-202105006",
"discovery": "EXTERNAL"
},
"title": "CHANGING Inc. TSSServiSignAdapter Windows Versions - Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-09-15T19:04:00.000Z",
"ID": "CVE-2021-37909",
"STATE": "PUBLIC",
"TITLE": "CHANGING Inc. TSSServiSignAdapter Windows Versions - Improper Input Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TSSServiSignAdapter",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "1.0.20.0316"
}
]
}
}
]
},
"vendor_name": "CHANGING Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WriteRegistry function in TSSServiSign component does not filter and verify users\u2019 input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.0.21.0520"
}
],
"source": {
"advisory": "TVN-202105006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-37909",
"datePublished": "2021-09-15T19:10:22.691Z",
"dateReserved": "2021-08-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:42:01.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}