Vulnerabilities > CVE-2021-44595 - Missing Authorization vulnerability in Wondershare Dr.Fone 20211206
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://dr.com
- http://dr.com
- http://packetstormsecurity.com/files/167036/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
- http://packetstormsecurity.com/files/167036/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
- http://wondershare.com
- http://wondershare.com
- https://medium.com/%40tomerp_77017/wondershell-a82372914f26
- https://medium.com/%40tomerp_77017/wondershell-a82372914f26