Lucene search

KrcertCVELIST:CVE-2020-7869

HistoryJun 29, 2021 - 1:48 p.m.

CVE-2020-7869

2021-06-2913:48:53

CWE-20

krcert

www.cve.org

zook software

input validation

remote attackers

arbitrary files

remote administration tool

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.003

Percentile

70.0%

JSON

An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the “Tight file CMD” function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using “Tight file CMD” without authority.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "ZOOK",
    "vendor": "mastersoft",
    "versions": [
      {
        "lessThanOrEqual": "2.0.4.6",
        "status": "affected",
        "version": "2.0.4.6",
        "versionType": "custom"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36090

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.003

Percentile

70.0%

JSON

Related for CVELIST:CVE-2020-7869