CVE-2014-2003

Published Jun 16, 2014

Last updated 3 months ago

CVSS info 7.6

Overview

Description: JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.
Source: vultures@jpcert.or.jp
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.6
Impact score: 10
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4144834-782B-492F-B935-F036A5C26902",
            "versionEndIncluding": "2014"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64910A2D-4EFD-4435-B021-A47E5CA10901"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3255951-1684-4F78-9AA8-0721D43C4E75"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF1D2069-D1F4-4F31-8B78-9768F43EF847"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D65FA81-F110-4C21-8BD4-1A14BFFC7730"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2004:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFAE853E-5415-4B31-A873-E74E7C66C52F"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2005:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "471FA5F8-8EC2-4FEB-93E0-B838F81BD472"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2006:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E7E7611-56FC-4379-99FE-8D42046FA9C8"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2006:-:government:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA38365F-0FB9-4570-8A38-4FCC9AADA267"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A749FA56-6DE2-48A4-902C-6EB7E6575BA3"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2007:-:government:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A5C721C-CA01-4C6A-AC7C-C07FC3A333D3"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2008:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B8FAFF2-94AD-4C8B-8B10-57651DEA6191"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2008:-:government:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25F1AF4E-E4EC-4E66-B532-002A8512916F"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2009:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12205BDB-6DD6-46B8-891B-E4EAAB8F3588"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2009:-:government:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BC34189-32FE-4C8E-A87E-731C622ECBC0"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2009:-:trial:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5B023D0-C271-45B2-82D9-9AD4D800893E"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2010:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9C3EDDB-E30F-45BA-94C4-5C917283971E"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2010:-:government:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6881ACA2-0625-4E3F-8136-D20E627BFC9E"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A4975EC-E1DB-45C0-AFF6-C3E97F273332"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2011:-:sou:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47047585-7145-40D5-8FA2-B1B542CF6AC8"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2012:-:shou:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EE20B2C-6630-4362-9438-91571BD531B6"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2013:-:gen:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DF9AE8E-A943-49AF-A507-4423ADC8796C"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro:2013:-:gen_trial:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35A0240E-138D-4CE3-9D9E-30AEE34F9238"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_online_update:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96F6290F-EB66-4423-8F54-436BBC547547"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References