Vulnerability Details CVE-2021-44596
Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges
Exploit prediction scoring system (EPSS) score
EPSS Score 0.428
EPSS Ranking 97.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://dr.com
- http://packetstormsecurity.com/files/167035/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
- http://wondershare.com
- https://medium.com/%40tomerp_77017/wondershell-a82372914f26
- http://dr.com
- http://packetstormsecurity.com/files/167035/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
- http://wondershare.com
- https://medium.com/%40tomerp_77017/wondershell-a82372914f26
Products affected by CVE-2021-44596
-
cpe:2.3:a:wondershare:dr.fone:2021-12-06