CVE-2021-30110

Опубликовано: 22 июл. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5.1

EPSS Низкий

Описание

dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates.

Ссылки

https://blog.grimm-co.com/2021/04/time-for-upgrade.html
Third Party Advisory
https://www.greyware.com/software/domaintime/
Vendor Advisory
https://www.greyware.com/software/domaintime/v5/installation/v5x.asp#currentVersion
Release Notes
Vendor Advisory
https://blog.grimm-co.com/2021/04/time-for-upgrade.html
Third Party Advisory
https://www.greyware.com/software/domaintime/
Vendor Advisory
https://www.greyware.com/software/domaintime/v5/installation/v5x.asp#currentVersion
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:greyware:domain_time_ii:*:*:*:*:*:*:*:*

Версия до 5.2.b.20210331 (исключая)

EPSS

Процентиль: 81%

0.01523

Низкий

7.5 High

CVSS3

5.1 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-vmvq-v8h8-g57c

github

больше 3 лет назад