CVE-2021-37909
CRITICALTSSServiSignAdapter < 1.0.20.0316 - Unauthenticated Arbitrary Registry Write via WriteRegistry Function
Title source: llmDescription
WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html
Scores
CVSS v3
9.8
EPSS
0.0194
EPSS Percentile
77.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
tssservisignadapter_project/tssservisignadapter
< 1.0.20.0316
Published
Sep 15, 2021
Tracked Since
Feb 18, 2026