Products
NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION Home GateWay/Hikari Denwa routers
NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION Home GateWay/Hikari Denwa routers
e-Tax software
- UNKNOWN
Source
vultures@jpcert.or.jp
Tags
CVE-2024-47045 details
Last Modified : Sept. 26, 2024, 3:35 p.m.
Description
Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7.8 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-268 | Privilege Chaining | Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination. |
CWE-451 | User Interface (UI) Misrepresentation of Critical Information | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Exploitability Score
1.8
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
URL | Source |
---|---|
https://jvn.jp/en/jp/JVN57749899/ | vultures@jpcert.or.jp |
https://www.e-tax.nta.go.jp/topics/2024/topics_20240924_versionup.htm | vultures@jpcert.or.jp |