Lucene search

KrcertCVELIST:CVE-2020-7861

HistoryApr 22, 2021 - 5:33 p.m.

CVE-2020-7861 AnySupport directory traversing vulnerability

2021-04-2217:33:16

CWE-23

krcert

www.cve.org

anysupport

directory traversing

vulnerability

versions before 2019.3.21.0

arbitrary file execution

CVSS3

8.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.006

Percentile

79.3%

JSON

AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "AquaNPlayer",
    "vendor": "Koino",
    "versions": [
      {
        "lessThanOrEqual": "2019.3.21.0",
        "status": "affected",
        "version": "2019.3.21.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36016

CVSS3

8.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.006

Percentile

79.3%

JSON

Related for CVELIST:CVE-2020-7861