CVE-2020-7821

HIGH

Nexacro14/17 ExtCommonApiV13 <2019.9.6 - RCE

Title source: llm
STIX 2.1

Description

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC

References (2)

Core 2
Core References
Third Party Advisory x_refsource_confirm
http://support.tobesoft.co.kr/Support/index.html

Scores

CVSS v3 7.8
EPSS 0.0161
EPSS Percentile 73.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
nexaweb/nexacro_14 < 2019.9.6
nexaweb/nexacro_17 < 2019.9.6
Published Jul 02, 2020
Tracked Since Feb 18, 2026