CVE-2020-7807 - OpenCVE

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lg	Ipsfullhd Lg Ultrawide Lgpcsuite Setup Ultra Hd Driver Setup
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:lg:ipsfullhd:1.0.0.3:::::::*
	cpe:2.3:a:lg:lg_ultrawide:1.0.0.3:::::::*
	cpe:2.3:a:lg:lgpcsuite_setup:1.0.0.9:::::::*
	cpe:2.3:a:lg:ultra_hd_driver_setup:1.0.0.3:::::::*

No data.

References

Link	Providers
https://lgsecurity.lge.com/
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587

History

No history.

MITRE

Status: PUBLISHED

Assigner: krcert

Published: 2020-09-14T11:55:29

Updated: 2024-08-04T09:41:01.946Z

Reserved: 2020-01-22T00:00:00

Link: CVE-2020-7807

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-14T12:15:11.037

Modified: 2020-09-21T12:49:03.900

Link: CVE-2020-7807

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Windows(x86, x64)"], "product": "(LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup)", "vendor": "LG Electronics", "versions": [{"status": "affected", "version": "IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup.exe 1.0.0.3"}, {"status": "affected", "version": "LGPCSuite_Setup.exe 1.0.0.9"}]}], "credits": [{"lang": "en", "value": "Eran Shimony"}], "descriptions": [{"lang": "en", "value": "A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-353", "description": "CWE-353 Missing Support for Integrity Check", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-14T11:55:29", "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lgsecurity.lge.com/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587"}], "source": {"discovery": "UNKNOWN"}, "title": "DLL Hijacking Vulnerabilities During Installation of LG Electronics Software", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2020-7807", "STATE": "PUBLIC", "TITLE": "DLL Hijacking Vulnerabilities During Installation of LG Electronics Software"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "(LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup)", "version": {"version_data": [{"platform": "Windows(x86, x64)", "version_affected": "=", "version_name": "IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup.exe", "version_value": "1.0.0.3"}, {"platform": "Windows(x86, x64)", "version_affected": "=", "version_name": "LGPCSuite_Setup.exe", "version_value": "1.0.0.9"}]}}]}, "vendor_name": "LG Electronics"}]}}, "credit": [{"lang": "eng", "value": "Eran Shimony"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64)."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-353 Missing Support for Integrity Check"}]}]}, "references": {"reference_data": [{"name": "https://lgsecurity.lge.com/", "refsource": "MISC", "url": "https://lgsecurity.lge.com/"}, {"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587", "refsource": "MISC", "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:41:01.946Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lgsecurity.lge.com/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587"}]}]}, "cveMetadata": {"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "assignerShortName": "krcert", "cveId": "CVE-2020-7807", "datePublished": "2020-09-14T11:55:29", "dateReserved": "2020-01-22T00:00:00", "dateUpdated": "2024-08-04T09:41:01.946Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:lg:ipsfullhd:1.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A19A579C-DC0B-4C5C-A68F-58CBF6533B37", "vulnerable": true}, {"criteria": "cpe:2.3:a:lg:lg_ultrawide:1.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EB4960C-CD4B-4298-BFF4-4F409E17B2DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:lg:lgpcsuite_setup:1.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C93B2549-B23C-4394-BF17-673AD01F3A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:lg:ultra_hd_driver_setup:1.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "42833D6B-C505-4B58-A72F-F6F127A1D5D0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64)."}, {"lang": "es", "value": "Una vulnerabilidad que puede secuestrar un archivo DLL que es cargado durante la instalaci\u00f3n de productos (LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) en un archivo DLL que el hacker desea. Un falta de soporte para la vulnerabilidad de comprobaci\u00f3n de integridad en ____COMPONENT____ de LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) permite a ____ ATTACKER / ATTACK ____ causar ____IMPACT____. Este problema afecta a: LG Electronics; LGPCSuite_Setup: versi\u00f3n 1.0.0.3 en Windows (x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup: versi\u00f3n 1.0.0.9 en Windows (x86, x64)"}], "id": "CVE-2020-7807", "lastModified": "2020-09-21T12:49:03.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 5.2, "source": "vuln@krcert.or.kr", "type": "Secondary"}]}, "published": "2020-09-14T12:15:11.037", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Vendor Advisory"], "url": "https://lgsecurity.lge.com/"}, {"source": "vuln@krcert.or.kr", "tags": ["Third Party Advisory"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-353"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}]}