
Security Advisory

Security Advisory Detail
CVE-2020-7820, CVE-2020-7821 | Tobesoft NEXACRO14/17 ExCommonApiV13 Arbitrary Code Execution Vulnerability
2020.07.01
□ Overview
 o Tobesoft released a security update to address arbitrary code execution vulnerabilities in NEXACRO14/17 ExCommonApiV13.
| Vulnerability Type | Impact | Severity | CVSS | CVE ID |
|---|---|---|---|---|
| Missing support for integrity check | Code execution | High | 7.8 | CVE-2020-7820 |
| Missing support for integrity check | Code execution | High | 7.8 | CVE-2020-7821 |
 
□ Description
 o The Nexacro14/17 ExtCommonApiV13 library contains a vulnerability that could allow a remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC (CVE-2020-7820).
 o The Nexacro14/17 ExtCommonApiV13 library contains a vulnerability that could allow a remote attacker to execute arbitrary code by modifying the value of a registry path. This can be leveraged for code execution by rebooting the victim’s PC (CVE-2020-7821).

□ Affected Products
| Product | Version | Platform |
|---|---|---|
| NEXACRO14/17 ExCommonApiV13 | Earlier than 2019.9.6 | Windows OS |
 
□ Solution
 o Update the software to version 2019.9.6 or later.
 
□ Reference site
 [1]  http://support.tobesoft.co.kr/Support/index.html

□ Acknowledgements
 o Thanks to Jungun Baek for reporting this vulnerability.


□ Written by: Incident Analysis Division, Vulnerability Analysis Team