Vulnerabilities > CVE-2021-44595 - Missing Authorization vulnerability in Wondershare Dr.Fone 20211206

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wondershare

CWE-862

NVD

Published: 2022-04-29

Updated: 2023-11-07

Summary

Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.

Vulnerable Configurations

Part	Description	Count
Application	Wondershare Wondershare Dr.Fone 2021-12-06	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

http://dr.com
http://wondershare.com
http://packetstormsecurity.com/files/167036/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
https://medium.com/%40tomerp_77017/wondershell-a82372914f26