Lucene search

[email protected]CVE-2020-5674

HistoryNov 24, 2020 - 7:15 a.m.

CVE-2020-5674

2020-11-2407:15:11

CWE-427

[email protected]

web.nvd.nist.gov

cve-2020-5674

nvd

seiko epson

vulnerability

installers

privilege escalation

dll

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected configurations

Vulners

NVD

Node

seiko_epson_corporationthe_installers_of_multiple_seiko_epson_productsMatch3

seiko_epson_corporationthe_installers_of_multiple_seiko_epson_productsMatch2

CPENameOperatorVersion
epson:album_printepson album printeq-
epson:color_calibration_utilityepson color calibration utilityeq-
epson:colorbaseepson colorbaseeq-
epson:colorio_easy_printepson colorio easy printeq-
epson:connectepson connecteq-
epson:creativity_suiteepson creativity suiteeq-
epson:e-photoepson e-photoeq-
epson:easy_photo_printepson easy photo printeq-
epson:easy_settingsepson easy settingseq-
epson:imaging_workshopepson imaging workshopeq-

CPE	Name	Operator	Version
epson:album_print	epson album print	eq	-
epson:color_calibration_utility	epson color calibration utility	eq	-
epson:colorbase	epson colorbase	eq	-
epson:colorio_easy_print	epson colorio easy print	eq	-
epson:connect	epson connect	eq	-
epson:creativity_suite	epson creativity suite	eq	-
epson:e-photo	epson e-photo	eq	-
epson:easy_photo_print	epson easy photo print	eq	-
epson:easy_settings	epson easy settings	eq	-
epson:imaging_workshop	epson imaging workshop	eq	-

Rows per page:

1-10 of 291

CNA Affected

[
  {
    "product": "the installers of multiple SEIKO EPSON products",
    "vendor": "SEIKO EPSON CORPORATION",
    "versions": [
      {
        "status": "affected",
        "version": "A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN26835001/index.html

www.epson.jp/support/misc_t/201119_oshirase.htm

www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Related for CVE-2020-5674

jvn1 cvelist1 prion1 nvd1