CVE-2021-44595

Опубликовано: 29 апр. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.

Ссылки

http://dr.com
Not Applicable
http://packetstormsecurity.com/files/167036/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://wondershare.com
Product
https://medium.com/%40tomerp_77017/wondershell-a82372914f26
http://dr.com
Not Applicable
http://packetstormsecurity.com/files/167036/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://wondershare.com
Product
https://medium.com/%40tomerp_77017/wondershell-a82372914f26

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wondershare:dr.fone:2021-12-06:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08168

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-h9xj-4798-57hx