CVE-2020-6655 MEDIUM

CVE-2020-6655: File parsing Out-Of-Bounds read remote code execution

Vendor: Eaton
Product: easySoft Software
Weakness: CWE-125
Published: January 7, 2021
Last update: August 4, 2024

CVSS base score

5.8/10
Attack vector: Local
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01 Description

Eaton's easySoft software v7.xx prior to v7.22 is susceptible to an out-of-bounds remote code execution vulnerability. A malicious entity can execute malicious code or crash the application by tricking a user into uploading a malformed .E70 file in the application. The vulnerability arises from improper validation and parsing of the E70 file content by the application.

Key dates

02 Disclosure timeline

January 7, 2021: CVE published
August 4, 2024: Record updated