CVE-2020-25171
Fuji Electric V-Server Lite
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
Las versiones afectadas de Fuji Electric V-Server Lite anteriores a 3.3.24.0, son vulnerables a una escritura fuera de límites, lo que puede permitir a un atacante ejecutar código arbitrario remotamente
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-09-04 CVE Reserved
- 2020-11-25 CVE Published
- 2024-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-329-02 | 2021-02-25 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fujielectric Search vendor "Fujielectric" | V-server Search vendor "Fujielectric" for product "V-server" | < 3.3.24.0 Search vendor "Fujielectric" for product "V-server" and version " < 3.3.24.0" | lite |
Affected
| ||||||