CVE-2022-32962

HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30306:::::linux::
	cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30404:::::macos::
	cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.1.0.00002:::::windows::

History

21 Nov 2024, 07:07

Type	Values Removed	Values Added
References	~~() https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html - Third Party Advisory~~	() https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html - Third Party Advisory

02 Aug 2022, 15:37

Type	Values Removed	Values Added
CPE		cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30404:::::macos:: cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30306:::::linux:: cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.1.0.00002:::::windows::
CWE		CWE-415
References	~~(CONFIRM) https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html -~~	(CONFIRM) https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html - Third Party Advisory

20 Jul 2022, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-20 02:15

Updated : 2024-11-21 07:07

NVD link : CVE-2022-32962

Mitre link : CVE-2022-32962

CVE.ORG link : CVE-2022-32962

JSON object : View

Products Affected

hinet

hicos_natural_person_credential_component_client

CWE

CWE-415

Double Free

{"id": "CVE-2022-32962", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2022-07-20T02:15:07.997", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-415"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."}, {"lang": "es", "value": "El componente de certificado ciudadano del lado del cliente de HiCOS presenta una vulnerabilidad de doble liberaci\u00f3n. Un atacante f\u00edsico no autenticado puede explotar esta vulnerabilidad para corromper la memoria y ejecutar c\u00f3digo arbitrario, manipular datos del sistema o terminar el servicio"}], "lastModified": "2024-11-21T07:07:19.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30306:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "2C3A74A9-114E-4326-B71C-83FFA3580E63"}, {"criteria": "cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30404:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "7800A8CE-C635-4E00-8BEA-E3E4D4EC9378"}, {"criteria": "cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.1.0.00002:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "48F1D51B-28F3-4952-BB19-9BCA637DF577"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}

6.8 /10