CVE-2020-7820 HIGH

CVE-2020-7820: Tobesoft NEXACRO14/17 ExCommonApiV13 Arbitrary Code Execution Vulnerability

Vendor Tobesoft

Product NEXACRO14/17 ExCommonApiV13

Weakness CWE-20 · Input validation

Published July 2, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC

Key dates

02Disclosure timeline

July 2, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-7820

Related vulnerabilities

Identifiers

CVE CVE-2020-7820

CWE CWE-20

CVSS 7.8 / HIGH

Affected versions