CVE-2020-7830

{"id": "CVE-2020-7830", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "vuln@krcert.or.kr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-09-02T20:15:11.297", "references": [{"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35582", "tags": ["Third Party Advisory"], "source": "vuln@krcert.or.kr"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier."}, {"lang": "es", "value": "RAONWIZ versiones v2018.0.2.50 y anteriores, contienen una vulnerabilidad que podr\u00eda permitir la descarga de archivos remotos por una falta de comprobaci\u00f3n. Las vulnerabilidades en la descarga con el agente Kupload permiten que los archivos se descarguen en rutas arbitrarias debido a una verificaci\u00f3n insuficiente de las extensiones y rutas de descarga. Este problema afecta a: RAONWIZ RAON KUpload versiones 2018.0.2.50 y anteriores"}], "lastModified": "2020-09-11T16:45:35.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:raonwiz:raon_kupload:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADE282BE-B410-409D-8F7D-5660F12DCE1F", "versionEndIncluding": "2018.0.2.50"}], "operator": "OR"}]}], "sourceIdentifier": "vuln@krcert.or.kr"}