Incorrect Access Control in Wondershare Dr. Fone Affects User Security
CVE-2021-44595

8.8HIGH

Key Information:

Vendor

Wondershare

Status
Dr.fone
Vendor
CVE Published:
29 April 2022

What is CVE-2021-44595?

Wondershare Dr. Fone, specifically the latest version as of December 6, 2021, is susceptible to an Incorrect Access Control vulnerability. This flaw allows a normal user to send specially crafted packets to the ElevationService.exe process, enabling the execution of arbitrary code without proper validation. This issue poses significant risks, as it grants potential attackers SYSTEM privileges, thus compromising user security and system integrity.

References

http://wondershare.com
x_refsource_MISC
http://dr.com
x_refsource_MISC
https://medium.com/%40tomerp_77017/wondershell-a82372914f26
x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.