Vulnerability Description
An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Minv | Electronic Identification Cards Client | < 3.0.3 |
Related Weaknesses (CWE)
References
- https://www.csirt.gov.sk/aktualne-7d7.html?id=194 (Exploit, Third Party Advisory)
- https://www.csirt.gov.sk/doc/eid_klient_tlacova_sprava.pdf (Third Party Advisory)
- https://www.minv.sk/?tlacove-spravy&sprava=pouzivatelom-e-sluzieb-automaticky-ak (Third Party Advisory)
FAQ
What is CVE-2019-13028?
CVE-2019-13028 is a vulnerability with a CVSS score of 8.8 (HIGH). An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or del...
How severe is CVE-2019-13028?
CVE-2019-13028 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-13028?
Check the references section above for vendor advisories and patch information. Affected products include: Minv Electronic Identification Cards Client.