본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7851 | Innorix File Transfer Solution File Download and Execution Vulnerability2021.03.30
□ Overview
 o INNORIX released security update to address file download and execution vulnerability in Web-Based File Transfer Soultion.
Vulnerability Type Impact Severity CVSS Score CVE ID
File Download and Execution Code Execution High 7.8 CVE-2020-7851


□ Description
 o Web-Based File Transfer Solution contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the internal method. (CVE-2020-7851)
 o A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.


□ Affected Product
Product Version Platform
INNORIX Agent.exe 9.2.18.382 and prior Windows, Linux, Mac


□ Solution
 o Update software over File Transer Solution 9.2.18.390 version or higher.


□ Reference
 [1] https://www.innorix.com/ko/


□ Etc
 o Thanks to Hyeonjin Ko for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀