
Preface: Public key infrastructure (PKI) governs the issuance of digital certificates to protect sensitive data, provide unique digital identities for users, devices and applications and secure end-to-end communications.
Technical background: From a technical point of view, application software is installed on the host and provides functions such as listening for data on open ports or sending data to the LAN or the Internet. To protect online data transmission in line with compliance requirements, it deploys PKI technology. If the SSL certificate installed on the host is not verified, an attacker may be able to deceive trusted entities by interfering with the communication path between the host and the client. The software may connect to a malicious host while believing it is a trusted host, or it may be tricked into accepting spoofed data that appears to come from a trusted host.
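The missing-verification condition described in the technical background can be checked in client code. The following is an added example, not code from the advisory or from the affected product: it builds a TLS client context with verification disabled beside a hardened one, and audits either for the two checks whose absence lets a spoofed host pass as trusted. The function names are hypothetical.

```python
import ssl


def weak_client_context() -> ssl.SSLContext:
    """Client context that accepts any certificate (the failure mode above)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared first, or setting CERT_NONE raises ValueError.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # certificate chain is never validated
    return ctx


def hardened_client_context(cafile=None) -> ssl.SSLContext:
    """Client context that validates the chain and the peer's hostname."""
    # create_default_context sets CERT_REQUIRED and check_hostname=True and
    # loads the system trust store (or only `cafile` when one is given).
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the verification steps this context skips (empty list = none)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_context(ctx) or "ok")
```

A context that verifies the chain but has `check_hostname` disabled still accepts a valid certificate issued for a different host, which is why the audit reports the two checks separately.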
Vulnerability details: A vulnerability in the PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.
Please refer to the link – https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36174