Lucene search

KrcertCVELIST:CVE-2020-7868

HistoryJun 29, 2021 - 1:39 p.m.

CVE-2020-7868 Helpu remote code execution vulnerability

2021-06-2913:39:21

CWE-141

krcert

www.cve.org

cve-2020-7868

helpus

remote code execution

improper validation

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.006

Percentile

78.6%

JSON

A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "helpu.ocx",
    "vendor": "HelpU",
    "versions": [
      {
        "lessThanOrEqual": "2020.06.27",
        "status": "affected",
        "version": "2020.6.27.1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.006

Percentile

78.6%

JSON

Related for CVELIST:CVE-2020-7868