CVE-2023-48387

TAIWAN-CA(TWCA) JCICSecurityTool - Improper Input Validation

Description

TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.

Remediation

Solution:

  • Update version to 4.2.3.33

Category

8.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 1.73% Top 20%
Third-Party Advisory org.tw
Affected: TAIWAN-CA(TWCA) JCICSecurityTool
Published at:
Updated at:

References

Link Tags
https://www.twcert.org.tw/tw/cp-132-7602-a47a2-1.html third party advisory

Frequently Asked Questions

What is the severity of CVE-2023-48387?
CVE-2023-48387 has been scored as a high severity vulnerability.
How to fix CVE-2023-48387?
To fix CVE-2023-48387: Update version to 4.2.3.33
Is CVE-2023-48387 being actively exploited in the wild?
It is possible that CVE-2023-48387 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-48387?
CVE-2023-48387 affects TAIWAN-CA(TWCA) JCICSecurityTool.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.