CVE-2020-7862

HelpU Overflow Vulnerability

CVSS 7 HIGHEPSS 1.1%CWE-120 CWE-20

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 Jun 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in agent program of HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands This vulnerability is due to insufficient input santization when communicating customer process.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Helpu,inc · HelpuFTClient.dll Helpu,inc · HelpuFTServer.dll Helpu,inc · HelpuServer.exe Helpu,inc · HelpuViewer.exe

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://helpu.co.kr/customer/download.html https://krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36094