Missing Support for Integrity Check

CVE-2019-12804

Medium

5.5/10

Summary

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-353 - Missing Support for Integrity Check

The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

References

Advisory Timeline

Published Jul 10, 2019

Missing Support for Integrity Check

CVE-2019-12804

Summary

CWE-353 - Missing Support for Integrity Check

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS