본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7825 | MiPlatform Remote Command Execution Vulnerability2020.07.15
□ Overview
o TOBESOFT Co,Ltd released security update to address remote command execution vulnerability in MiPlatform.
Vulnerability Type Impact Severity CVSS Score CVE ID
Command Execution Remote Comand Execution High 8.8 CVE-2020-7825
 
□ Description
o A Vulnerability exists that could be allow the execution of operating system commands on system running MiPlatform. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform. (CVE-2020-7825)
 
□ Affected Product
Product Version PlatForm
MiPlatform ExtCommandApi.dll
(320, 320U, 330, 330U)
prior 2019-05-16 Windows
 
□ Solution
o Update software over MiPlatform 2019.05.16 version or higher.
 
□ Acknowledgements
o Thanks to Jeongun Baek for reporthing this vulnerability


□ 작성 : 침해사고분석단 취약점분석팀
키워드 MiPlatform