
Security Advisory

CVE-2020-7849 | UPRISM CURIX arbitrary code execution vulnerability
2021.02.16
□ Overview
 o uPrism.io released a security update to address an arbitrary code execution vulnerability in CURIX (video conferencing solution).

| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Improper Input Validation | Arbitrary code execution | High | 8.0 | CVE-2020-7849 |
 
□ Description
 o A vulnerability in uPrism.io CURIX (video conferencing solution) could allow an unauthenticated attacker to execute arbitrary code.
   This vulnerability is due to insufficient validation of input (the server domain).

 o An attacker could exploit this vulnerability through a crafted URL.
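
The advisory gives no detail beyond insufficient validation of the server domain taken from a URL. As an added illustration (not uPrism.io's code and not part of the advisory), the sketch below contrasts a substring check with exact allowlist matching; the `confagent://` scheme, the `server` parameter and all host names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical values: the advisory does not give the real launch-URL format or server names.
SCHEME = "confagent"
ALLOWED_SERVERS = frozenset({"meet.example.com", "conf.example.com"})

def _server_param(url):
    """Return the single 'server' value from a launch URL, or None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme != SCHEME:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("server", [])
    return values[0] if len(values) == 1 else None  # missing or duplicated: reject

def weak_accepts(url):
    """Insufficient validation: only checks that a trusted name appears somewhere."""
    server = _server_param(url)
    return server is not None and "example.com" in server

def strict_server(url):
    """Return the canonical allowlisted host, or None if the URL must be rejected."""
    server = _server_param(url)
    if server is None or not server.isascii():
        return None
    host = server.lower()
    # Exact match only: no suffix or substring tests, so userinfo, ports and paths all fail.
    return host if host in ALLOWED_SERVERS else None

# Constructed launch URLs (not taken from the advisory).
SAMPLES = [
    "confagent://join?server=meet.example.com",
    "confagent://join?server=MEET.example.com",
    "confagent://join?server=meet.example.com.attacker.test",
    "confagent://join?server=meet.example.com%40attacker.test",
    "confagent://join?server=attacker.test/meet.example.com",
    "confagent://join?server=meet.example.com&server=attacker.test",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"weak={weak_accepts(url)!s:5} strict={strict_server(url)!s:17} {url}")
```
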

□ Affected Product
| Product | Version | Platform |
|---|---|---|
| UPRISM CURIX 7.0 Agent(uPrism.io) | 1.3.6 | Windows |
 
□ Solution
 o Update the software to uPrism.io (CURIX) version 1.3.9 or later
    (automatic upgrade via installation program)
 
□ Reference site
[1] https://medium.com/uprismio/tagged/release-n-updates
 
□ Acknowledgements
 o Thanks to Ki Chan Park, Da Hyun Kim, Hyeon Ju Oh, Hyoung Wook Jang for reporting this vulnerability
 


□ Written by: Incident Analysis Group, Vulnerability Analysis Team