CVE-2020-11614
Last modified
CVE-2020-11614 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mids\' Reborn Hero Designer Project | Mids\' Reborn Hero Designer | 2.6.0.7 |
References
- https://github.com/Crytilis/mids-reborn-hero-designer/releasesRelease Notes, Third Party Advisory
- https://www.doyler.net/security-not-included/mids-reborn-vulnerabilitiesExploit, Third Party Advisory
- https://github.com/Crytilis/mids-reborn-hero-designer/releasesRelease Notes, Third Party Advisory
- https://www.doyler.net/security-not-included/mids-reborn-vulnerabilitiesExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-11614?
How severe is CVE-2020-11614?
How do I fix CVE-2020-11614?
Are you affected by CVE-2020-11614?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST