MidnightBSD

Advisories for helpu

CVE-2020-7862 MEDIUM

A vulnerability in agent program of HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands This vulnerability is due to insufficient input santization when communicating customer process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vuln@krcert.or.kr 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-120,CWE-20,

Products Affected

Vendor Product Version
helpu helpuserver 1.0.0.2
helpu helpuftserver 3.0.0.0
helpu helpuftclient 3.0.0.0
helpu helpuviewer 2018.5.21.0
CVE-2020-7867 MEDIUM

An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vuln@krcert.or.kr 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
helpu helpuviewer 2018.5.21.0
CVE-2020-7868 HIGH

A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
vuln@krcert.or.kr 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-141,NVD-CWE-Other,

Products Affected

Vendor Product Version
helpu helpu 2020.6.27.1