Arbitrary File Access Vulnerability in NHIServiSignAdapter

Arbitrary File Access Vulnerability in NHIServiSignAdapter

CVE-2020-25842 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege.

Learn more about our User Device Pen Test.