Описание
The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.0.5.5 (включая) до 1.2.0.0 (исключая)
Одновременно
cpe:2.3:a:teruten:webcube:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00444
Низкий
8.8 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-346
CWE-346
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution.
EPSS
Процентиль: 63%
0.00444
Низкий
8.8 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-346
CWE-346