CVE-2019-13028
HIGH
electronic_identification_cards_client < 3.1.2 (Windows) & < 3.0.3 (Linux) - RCE via Local Web Server
Title source: llm
Description
An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.csirt.gov.sk/aktualne-7d7.html?id=194
Third Party Advisory x_refsource_misc
https://www.csirt.gov.sk/doc/eid_klient_tlacova_sprava.pdf
Third Party Advisory x_refsource_misc
https://www.minv.sk/?tlacove-spravy&sprava=pouzivatelom-e-sluzieb-automaticky-aktualizujeme-aplikaciu-pre-elektronicky-obciansky-preukaz
Scores
CVSS v3
8.8
EPSS
0.0366
EPSS Percentile
88.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (2)
minv/electronic_identification_cards_client
< 3.0.3
minv/electronic_identification_cards_client
< 3.1.2
Published
Jun 28, 2019
Tracked Since
Feb 18, 2026