CVE-2021-44596

Exploit

EPSS 22.72%
Veröffentlicht 29.04.2022 12:15:07
Zuletzt bearbeitet 21.11.2024 06:31:15
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wondershare ≫ Dr.Fone Version2021-12-06

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	22.72%	0.974

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://dr.com

Not Applicable

http://wondershare.com

Vendor Advisory

https://medium.com/%40tomerp_77017/wondershell-a82372914f26

http://packetstormsecurity.com/files/167035/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2021-44596

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44596

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44596

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-44596