Vulnerability Details CVE-2021-44595
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://dr.com
- http://packetstormsecurity.com/files/167036/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
- http://wondershare.com
- https://medium.com/%40tomerp_77017/wondershell-a82372914f26
- http://dr.com
- http://packetstormsecurity.com/files/167036/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
- http://wondershare.com
- https://medium.com/%40tomerp_77017/wondershell-a82372914f26
Products affected by CVE-2021-44595
-
cpe:2.3:a:wondershare:dr.fone:2021-12-06