CVE-2020-7358
Last modified
CVE-2020-7358 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an installation and any arbitrary code executable using the same file name.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rapid7 | Appspider | < 7.2.126 |
References
- https://help.rapid7.com/appspider/release-notes/index.html?pid=7.2.126Release Notes, Vendor Advisory
- https://help.rapid7.com/appspider/release-notes/index.html?pid=7.2.126Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-7358?
How severe is CVE-2020-7358?
How do I fix CVE-2020-7358?
Are you affected by CVE-2020-7358?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST