exploitDog

CVE-2026-3000

Опубликовано: 02 мар. 2026

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.

Ссылки

https://www.changingtec.com/news_detail.jsp?item_id=348
Patch
Vendor Advisory
https://www.twcert.org.tw/en/cp-139-10741-daed4-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-10740-b2eb2-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:changingtec:idexpert:*:*:*:*:*:windows:*:*

Версия от 2.7.3.230719 (включая) до 2.8.4.250925 (включая)

EPSS

Процентиль: 25%

0.00087

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-494

Связанные уязвимости

GHSA-6pfp-2fqc-3jh4

CVSS3: 9.8

github

около 2 месяцев назад

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.

EPSS

Процентиль: 25%

0.00087

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-494