PT-2021-12669 · Helpcom · Helpcom

Jeongun Baek · Published 2021-02-24 · Updated 2021-02-27 · CVE-2020-7846

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Helpcom versions prior to 10.0
Description: The issue is caused by a hardcoded cryptographic key, leading to a file download and execution vulnerability. This can be exploited via access to a crafted web page.
Recommendations: For versions prior to 10.0, update to version 10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted web pages to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-7846

Affected Products

Helpcom