CVE-2020-26867

Published Oct 12, 2020

Last updated 2 years ago

CVSS critical 9.8

Overview

Description: ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server.
Source: vulnerability@kaspersky.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-502
vulnerability@kaspersky.com: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pcvuesolutions:pcvue:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF882021-E262-4139-AF33-87FE5A6C3E1D",
            "versionEndExcluding": "12.0.17",
            "versionStartIncluding": "8.10"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References