Lucene search

[email protected]NVD:CVE-2020-7861

HistoryApr 22, 2021 - 6:15 p.m.

CVE-2020-7861

2021-04-2218:15:08

CWE-23

CWE-22

[email protected]

web.nvd.nist.gov

anysupport

remote support

directory traversing

swprintf function

file copying

arbitrary file execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

79.3%

JSON

AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution.

Affected configurations

Nvd

Node

microsoftwindowsMatch-

AND

anysupportanysupportRange<2019.3.21.0

VendorProductVersionCPE
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
anysupportanysupport*cpe:2.3:a:anysupport:anysupport:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
anysupport	anysupport	*	cpe:2.3:a:anysupport:anysupport::::::::

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36016

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

79.3%

JSON

Related for NVD:CVE-2020-7861

cve1 prion1 cvelist1