CVE-2019-12803 — CRITICAL (9.8)

Q: How severe is CVE-2019-12803?

CVE-2019-12803 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-12803?

Check the references section above for vendor advisories and patch information. Affected products include: Hunesion I-Onenet.

Vulnerability Description

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hunesion	I-Onenet	>= 3.0.7, <= 3.0.53

Related Weaknesses (CWE)

CWE-434

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073Broken LinkThird Party Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073Broken LinkThird Party Advisory

FAQ

What is CVE-2019-12803?

CVE-2019-12803 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upl...

How severe is CVE-2019-12803?

CVE-2019-12803 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-12803?

Check the references section above for vendor advisories and patch information. Affected products include: Hunesion I-Onenet.