□ Overview
o uPrism.io released a security update to address an arbitrary code execution vulnerability in CURIX (video conferencing solution).
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Improper Input Validation | Arbitrary code execution | High | 8.0 | CVE-2020-7849 |
□ Description
o A vulnerability in uPrism.io CURIX (video conferencing solution) could allow an unauthenticated attacker to execute arbitrary code.
This vulnerability is due to insufficient validation of input (the server domain).
o An attacker could exploit this vulnerability through a crafted URL.
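Added example, not code from uPrism.io or from this advisory: a sketch of strict validation for a server domain received in a launch URL, the kind of input the description above names. The advisory does not publish the agent's URL format, so the `confagent` scheme, the `server` parameter and the allowlisted hosts are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts the client may connect to (constructed values).
ALLOWED_SERVERS = {"meet.example.com", "conf.example.net"}
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def validate_server_domain(value: str) -> str:
    """Return the canonical host name, or raise ValueError."""
    host = value.lower()
    if not host or len(host) > 253 or not host.isascii():
        raise ValueError("empty, over-long or non-ASCII host")
    # Only a bare host name passes: '/', '\\', '@', ':', whitespace and
    # control characters all fail the per-label match below.
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError("not a plain DNS host name")
    # Exact match only: suffix or substring checks accept look-alike hosts.
    if host not in ALLOWED_SERVERS:
        raise ValueError("host not in allowlist")
    return host


def server_from_launch_url(url: str) -> str:
    """Extract and validate the 'server' parameter of a launch URL."""
    parts = urlsplit(url)
    if parts.scheme != "confagent":  # hypothetical scheme name
        raise ValueError("unexpected scheme")
    # strict_parsing rejects malformed fields instead of skipping them.
    values = parse_qs(parts.query, strict_parsing=True).get("server", [])
    if len(values) != 1:  # missing, or supplied more than once
        raise ValueError("exactly one server parameter required")
    # parse_qs has already percent-decoded the value, so validation sees
    # the same bytes the rest of the program would use.
    return validate_server_domain(values[0])
```

The value is validated after percent-decoding and compared for exact equality, so encoded separators and hosts that merely begin with an allowed name are rejected.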
□ Affected Product
| Product | Version | Platform |
|---|---|---|
| UPRISM CURIX 7.0 Agent(uPrism.io) | 1.3.6 | Windows |
□ Solution
o Update the software to uPrism.io (CURIX) version 1.3.9 or later (automatic upgrade via the installation program)
□ Reference site
[1] https://medium.com/uprismio/tagged/release-n-updates
□ Acknowledgements
o Thanks to Ki Chan Park, Da Hyun Kim, Hyeon Ju Oh, Hyoung Wook Jang for reporting this vulnerability
□ Written by: Vulnerability Analysis Team, Incident Analysis Division