ByteOS Network

NVD Vulnerability Details :

CVE-2019-13028

Analyzed

Source-cve@mitre.org

Published At-28 Jun, 2019 | 22:15

Updated At-05 Jul, 2019 | 18:33

An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. This is a product from the Ministry of Interior of the Slovak Republic.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

minv>>electronic_identification_cards_client>>Versions before 3.0.3(exclusive)

cpe:2.3:a:minv:electronic_identification_cards_client:*:*:*:*:*:linux:*:*

minv>>electronic_identification_cards_client>>Versions before 3.1.2(exclusive)

cpe:2.3:a:minv:electronic_identification_cards_client:*:*:*:*:*:windows:*:*

Weaknesses

CWE ID	Type	Source
CWE-284	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.csirt.gov.sk/aktualne-7d7.html?id=194	cve@mitre.org	Exploit Third Party Advisory
https://www.csirt.gov.sk/doc/eid_klient_tlacova_sprava.pdf	cve@mitre.org	Third Party Advisory
https://www.minv.sk/?tlacove-spravy&sprava=pouzivatelom-e-sluzieb-automaticky-aktualizujeme-aplikaciu-pre-elektronicky-obciansky-preukaz	cve@mitre.org	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History