CVE-2020-11614 — HIGH (8.1)

Vulnerability Description

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mids\' Reborn Hero Designer Project	Mids\' Reborn Hero Designer	2.6.0.7

Related Weaknesses (CWE)

CWE-319 CWE-345

References

https://github.com/Crytilis/mids-reborn-hero-designer/releasesRelease NotesThird Party Advisory
https://www.doyler.net/security-not-included/mids-reborn-vulnerabilitiesExploitThird Party Advisory
https://github.com/Crytilis/mids-reborn-hero-designer/releasesRelease NotesThird Party Advisory
https://www.doyler.net/security-not-included/mids-reborn-vulnerabilitiesExploitThird Party Advisory

FAQ

What is CVE-2020-11614?

CVE-2020-11614 is a vulnerability with a CVSS score of 8.1 (HIGH). Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after...

How severe is CVE-2020-11614?

CVE-2020-11614 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11614?

Check the references section above for vendor advisories and patch information. Affected products include: Mids\' Reborn Hero Designer Project Mids\' Reborn Hero Designer.