cvelist/2020/7xxx/CVE-2020-7849.json

{
    "CVE_data_meta": {
        "ASSIGNER": "vuln@krcert.or.kr",
        "ID": "CVE-2020-7849",
        "STATE": "PUBLIC",
        "TITLE": "UPRISM CURIX arbitrary code execution vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "CURIX 7.0 Agent",
                                "version": {
                                    "version_data": [
                                        {
                                            "platform": "Windows",
                                            "version_affected": "<=",
                                            "version_name": "1.3.6",
                                            "version_value": "1.3.6"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "uPrism.io"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-20 Improper Input Validation"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35903",
                "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35903"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
}