10

CVE-2021-44596

Exploit

EPSS 42.78%
Published 29.04.2022 12:15:07
Last modified 21.11.2024 06:31:15
Source cve@mitre.org
Teams watchlist Login
Open Login

Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges

Affected products Warnungen 0 Metrics 3 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Wondershare ≫ Dr.Fone Version2021-12-06

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	42.78%	0.974

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

Not Applicable

http://wondershare.com

Vendor Advisory

https://medium.com/%40tomerp_77017/wondershell-a82372914f26

http://packetstormsecurity.com/files/167035/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2021-44596

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44596

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44596

EUVD