본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7846 | Helpcom arbitrary file download and execution vulnerability2021.02.22
□ Overview
 o Cnesty released security update to address file download vulnerability in Helpcom.
Vulnerability Type Impact Severity CVSS Score CVE ID
File download Code execution High 8.0 CVE-2020-7846
 
□ Description
 o Helpcom contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page.
 
□ Affected Product
Product Version
Helpcom Previous version of 10.0
 
□ Solution
 o Update software over Helpcom 10.0 version
 
□ Acknowledgements
 o Thanks to Jeongun Baek for reporting this vulnerability
 



□ 작성 : 침해사고분석단 취약점분석팀