CVE-2021-20722

HIGH

ScanSnap Manager <V7.0L20 - Privilege Escalation

Title source: llm

Description

Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.

References (2)

[Third Party Advisory] https://jvn.jp/en/jp/JVN65733194/index.html

[Product, Vendor Advisory] https://scansnap.fujitsu.com/global/dl/

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 9.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

fujitsu/scansnap_manager < 7.0l20

Timeline

Published May 24, 2021

Tracked Since Feb 18, 2026