CVE-2020-7869

CRITICAL

ZOOK - Unauthenticated Arbitrary File Creation via Tight File CMD

Title source: llm
STIX 2.1

Description

An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority.

References (1)

Core 1
Core References

Scores

CVSS v3 9.0
EPSS 0.0161
EPSS Percentile 72.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
mastersoft/zook 2.0.4.6
Published Jun 29, 2021
Tracked Since Feb 18, 2026