History: Sep 09, 2021 - 12:49 p.m.

CVE-2020-7874 NEXACRO14 Runtime arbitrary file download and execution vulnerability

2021-09-09 12:49:59
CWE-494
krcert
www.cve.org

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.9 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 65.0%)

A download of code without integrity check vulnerability in the NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows an attacker to cause an arbitrary file download and execution. The vulnerability is due to incomplete validation of the file download URL or file extension.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "NEXACRO14",
    "vendor": "TOBESOFT",
    "versions": [
      {
        "lessThan": "14.0.1.3600",
        "status": "affected",
        "version": "14.0.1.3600",
        "versionType": "custom"
      }
    ]
  }
]
