7.8
CVE-2020-15009
- EPSS 0.44%
- Veröffentlicht 20.07.2020 13:15:09
- Zuletzt bearbeitet 21.11.2024 05:04:37
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Asus ≫ Screenpad2 Upgrade Tool Version1.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.349 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/
https://drive.google.com/file/d/1ClzHH5Jw3PgZw74RvKrEP8xU0TUc5Ta0/view?usp=sharing
https://www.asus.com/support/FAQ/1043674