CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
AI Score
Confidence: Low
EPSS
Percentile: 16.3%
FFRI AMC, provided by FFRI Security, Inc., is a management console for the endpoint security products FFRI yarai and ActSecure χ.
FFRI AMC contains an OS command injection vulnerability (CWE-78).
It is exploitable when the notification program setting is enabled, the executable file path is configured with a batch file (.bat) or command file (.cmd), and the file is written in a certain style.
When an attacker impersonates a yarai client and sends a crafted request, an arbitrary OS command may be executed on the victim FFRI AMC.
Update the software
Update the software to the latest version according to the information provided by the developer.
The following versions are provided to address the vulnerability: