Lucene search

KrcertCVELIST:CVE-2020-7849

HistoryFeb 17, 2021 - 1:25 p.m.

CVE-2020-7849 UPRISM CURIX arbitrary code execution vulnerability

2021-02-1713:25:31

CWE-20

krcert

www.cve.org

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

72.0%

JSON

A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "CURIX 7.0 Agent",
    "vendor": "uPrism.io",
    "versions": [
      {
        "lessThanOrEqual": "1.3.6",
        "status": "affected",
        "version": "1.3.6",
        "versionType": "custom"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35903

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

72.0%

JSON

Related for CVELIST:CVE-2020-7849