CVE-2021-20722

Published: May 24, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.

Affected (1)

Products: Fujitsu: Scansnap Manager

1 product

Scansnap Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fujitsu Scansnap Manager	Before 7.0l20

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (4)

https://jvn.jp/en/jp/JVN65733194/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://scansnap.fujitsu.com/global/dl/

Source: vultures@jpcert.or.jp

ProductVendor Advisory

https://jvn.jp/en/jp/JVN65733194/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://scansnap.fujitsu.com/global/dl/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.