Lucene search

KrcertCVELIST:CVE-2020-7868

HistoryJun 29, 2021 - 1:39 p.m.

CVE-2020-7868 Helpu remote code execution vulnerability

2021-06-2913:39:21

CWE-141

krcert

www.cve.org

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.6%

JSON

A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "helpu.ocx",
    "vendor": "HelpU",
    "versions": [
      {
        "lessThanOrEqual": "2020.06.27",
        "status": "affected",
        "version": "2020.6.27.1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.6%

JSON

Related for CVELIST:CVE-2020-7868