CVE-2021-20722

EPSS 0.08%
Published 24.05.2021 04:15:14
Last modified 21.11.2024 05:47:04
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Fujitsu ≫ Scansnap Manager Version < 7.0l20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.196

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://jvn.jp/en/jp/JVN65733194/index.html

Third Party Advisory

https://scansnap.fujitsu.com/global/dl/

Vendor Advisory

Product

https://nvd.nist.gov/vuln/detail/CVE-2021-20722

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20722

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20722

EUVD