CVE-2020-6656 MEDIUM

CVE-2020-6656: File parsing Type Confusion Remote code execution vulnerability

Vendor Eaton
Product easySoft Software
Weakness CWE-843
Published January 7, 2021
Last update August 4, 2024

CVSS base score

5.8/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01 Description

Eaton's easySoft software v7.xx versions prior to v7.22 are susceptible to a file parsing type confusion remote code execution vulnerability. A malicious entity can execute malicious code or crash the application by tricking a user into uploading a malformed .E70 file in the application. The vulnerability arises from improper validation of user data supplied through the E70 file, which causes type confusion.

Key dates

02 Disclosure timeline

January 7, 2021 CVE published
August 4, 2024 Record updated