CVE-2021-44596

Published: Apr 29, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges

Affected (1)

Products: Wondershare: Dr.fone

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wondershare Dr.fone	Version 2021-12-06

References (8)

Source: cve@mitre.org

Not Applicable

http://packetstormsecurity.com/files/167035/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://wondershare.com

Source: cve@mitre.org

Vendor Advisory

https://medium.com/%40tomerp_77017/wondershell-a82372914f26

Source: cve@mitre.org

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://packetstormsecurity.com/files/167035/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://wondershare.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://medium.com/%40tomerp_77017/wondershell-a82372914f26

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.