10

CVE-2021-44596

Exploit

EPSS 42.78%
Veröffentlicht 29.04.2022 12:15:07
Zuletzt bearbeitet 21.11.2024 06:31:15
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wondershare ≫ Dr.Fone Version2021-12-06

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	42.78%	0.974

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

Not Applicable

http://wondershare.com

Vendor Advisory

https://medium.com/%40tomerp_77017/wondershell-a82372914f26

http://packetstormsecurity.com/files/167035/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2021-44596

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-44596

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-44596

EUVD