NEC InfoCage SiteShell Improper Access Permissions Vulnerability (CVE-2020-5632)

Key Information Vulnerability ID: JVN#07426151 Vulnerability Title: InfoCage SiteShell installs their files with improper access permissions Release Date: 2020/09/30 Last Updated: 2020/11/17 Overview InfoCage SiteShell installs its files with improper access permissions. Affected Products Host type SiteShell for IIS various versions from V1.4 to V4.2.0.1 Host type SiteShell for Apache Windows various versions from V1.4 to V4.2.0.1 Description Files installed by InfoCage SiteShell, provided by NEC Corporation, have improper access permissions (CWE-732). Specifically, the service executable can be modified by the Everyone user. Impact The service executable may be modified by a local user, potentially leading to arbitrary code execution with elevated privileges. Solution Apply Patch: Update the software to an appropriate revised version as provided by the developer. Patch Versions: V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, V4.2.0.1 For V1.4, V1.5, and V1.6: Standard support has ended and no patches are available; users should upgrade to V2.0 or later. Vendor Status Vendor: NEC Corporation Status: Vulnerable Last Updated: 2020/11/17 CVSS Score CVSS v3 Base Score: 7.8 CVSS v2 Base Score: 6.8 Additional Information CVE: CVE-2020-5632 JVN iPedla: JVNDNB-2020-000066

Goal Reached Thanks to every supporter — we hit 100%!

NEC InfoCage SiteShell Improper Access Permissions Vulnerability (CVE-2020-5632)