Vulnerability Description
Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nexaweb | Nexacro 14 | < 2019.9.6 |
| Nexaweb | Nexacro 17 | < 2019.9.6 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://support.tobesoft.co.kr/Support/index.htmlThird Party Advisory
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35491Third Party Advisory
- http://support.tobesoft.co.kr/Support/index.htmlThird Party Advisory
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35491Third Party Advisory
FAQ
What is CVE-2020-7821?
CVE-2020-7821 is a vulnerability with a CVSS score of 7.8 (HIGH). Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leve...
How severe is CVE-2020-7821?
CVE-2020-7821 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7821?
Check the references section above for vendor advisories and patch information. Affected products include: Nexaweb Nexacro 14, Nexaweb Nexacro 17, Microsoft Windows.