Untrusted Search Path Vulnerability in Fujitsu ScanSnap Manager Installers
CVE-2021-20722

7.8HIGH

Key Information:

Vendor

Fujitsu Limited And Pfu Limited

Status
The Installers Of Scansnap Manager And The Software Download Installer
Vendor
CVE Published:
24 May 2021

What is CVE-2021-20722?

The vulnerability in Fujitsu's ScanSnap Manager installers allows attackers to exploit an untrusted search path. This flaw can be leveraged by an attacker to gain elevated privileges and execute arbitrary code by introducing a Trojan horse DLL present in an unspecified directory. This issue affects multiple versions of the ScanSnap Manager and related software installers, necessitating immediate attention to ensure system integrity and security.

Affected Version(s)

The installers of ScanSnap Manager and the Software Download Installer The installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe

References

https://scansnap.fujitsu.com/global/dl/
x_refsource_MISC
https://jvn.jp/en/jp/JVN65733194/index.html
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2021-20722 : Untrusted Search Path Vulnerability in Fujitsu ScanSnap Manager Installers