Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-3927
CVE-2020-3927:
ServiSign vulnerability analysis and mitigation
Overview
An arbitrary-file-delete vulnerability (CVE-2020-3927) was discovered in ServiSign security plugin, a cross-platform digital signature and verification system developed by Changingtec in Taiwan. The vulnerability was disclosed on February 3, 2020, affecting ServiSign for Windows versions 1.0.19.0617 and earlier (CHT Security).
Technical details
The vulnerability exists in a DLL file of the ServiSign system that contains an insecure API associated with file operations. The vulnerability allows attackers to delete files without any path filter or access control restrictions (CHT Security).
Impact
When exploited, attackers can deploy attack code in phishing or advertisement websites. If a user browses these compromised websites in an environment with ServiSign installed, the attacker can delete files at specific paths without authentication (CHT Security).
Mitigation and workarounds
Users should upgrade their ServiSign for Windows installations to versions newer than 1.0.19.0617 to protect against this vulnerability (CHT Security).
Additional resources
Source: This report was generated using AI
Related ServiSign vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management