CVE-2020-7807 - OpenCVE

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Lg	Lg Ultrawide Ipsfullhd Ultra Hd Driver Setup Lgpcsuite Setup
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:lg:ipsfullhd:1.0.0.3:::::::*
	cpe:2.3:a:lg:lg_ultrawide:1.0.0.3:::::::*
	cpe:2.3:a:lg:lgpcsuite_setup:1.0.0.9:::::::*
	cpe:2.3:a:lg:ultra_hd_driver_setup:1.0.0.3:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://lgsecurity.lge.com/	Vendor Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: krcert

Published: 2020-09-14T11:55:29

Updated: 2020-09-14T11:55:29

Reserved: 2020-01-22T00:00:00

Link: CVE-2020-7807

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-14T12:15:11.037

Modified: 2020-09-21T12:49:03.900

Link: CVE-2020-7807

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"platforms": ["Windows(x86, x64)"], "product": "(LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup)", "vendor": "LG Electronics", "versions": [{"status": "affected", "version": "IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup.exe 1.0.0.3"}, {"status": "affected", "version": "LGPCSuite_Setup.exe 1.0.0.9"}]}], "credits": [{"lang": "en", "value": "Eran Shimony"}], "descriptions": [{"lang": "en", "value": "A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-353", "description": "CWE-353 Missing Support for Integrity Check", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-14T11:55:29", "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lgsecurity.lge.com/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587"}], "source": {"discovery": "UNKNOWN"}, "title": "DLL Hijacking Vulnerabilities During Installation of LG Electronics Software", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2020-7807", "STATE": "PUBLIC", "TITLE": "DLL Hijacking Vulnerabilities During Installation of LG Electronics Software"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "(LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup)", "version": {"version_data": [{"platform": "Windows(x86, x64)", "version_affected": "=", "version_name": "IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup.exe", "version_value": "1.0.0.3"}, {"platform": "Windows(x86, x64)", "version_affected": "=", "version_name": "LGPCSuite_Setup.exe", "version_value": "1.0.0.9"}]}}]}, "vendor_name": "LG Electronics"}]}}, "credit": [{"lang": "eng", "value": "Eran Shimony"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64)."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-353 Missing Support for Integrity Check"}]}]}, "references": {"reference_data": [{"name": "https://lgsecurity.lge.com/", "refsource": "MISC", "url": "https://lgsecurity.lge.com/"}, {"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587", "refsource": "MISC", "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "assignerShortName": "krcert", "cveId": "CVE-2020-7807", "datePublished": "2020-09-14T11:55:29", "dateReserved": "2020-01-22T00:00:00", "dateUpdated": "2020-09-14T11:55:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lg:ipsfullhd:1.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A19A579C-DC0B-4C5C-A68F-58CBF6533B37", "vulnerable": true}, {"criteria": "cpe:2.3:a:lg:lg_ultrawide:1.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EB4960C-CD4B-4298-BFF4-4F409E17B2DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:lg:lgpcsuite_setup:1.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C93B2549-B23C-4394-BF17-673AD01F3A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:lg:ultra_hd_driver_setup:1.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "42833D6B-C505-4B58-A72F-F6F127A1D5D0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64)."}, {"lang": "es", "value": "Una vulnerabilidad que puede secuestrar un archivo DLL que es cargado durante la instalaci\u00f3n de productos (LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) en un archivo DLL que el hacker desea. Un falta de soporte para la vulnerabilidad de comprobaci\u00f3n de integridad en ____COMPONENT____ de LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) permite a ____ ATTACKER / ATTACK ____ causar ____IMPACT____. Este problema afecta a: LG Electronics; LGPCSuite_Setup: versi\u00f3n 1.0.0.3 en Windows (x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup: versi\u00f3n 1.0.0.9 en Windows (x86, x64)"}], "id": "CVE-2020-7807", "lastModified": "2020-09-21T12:49:03.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 5.2, "source": "vuln@krcert.or.kr", "type": "Secondary"}]}, "published": "2020-09-14T12:15:11.037", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Vendor Advisory"], "url": "https://lgsecurity.lge.com/"}, {"source": "vuln@krcert.or.kr", "tags": ["Third Party Advisory"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-353"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}]}