CVE-2021-20722
Last modified
CVE-2021-20722 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fujitsu | Scansnap Manager | < 7.0l20 |
References
- https://jvn.jp/en/jp/JVN65733194/index.htmlThird Party Advisory
- https://scansnap.fujitsu.com/global/dl/Product, Vendor Advisory
- https://jvn.jp/en/jp/JVN65733194/index.htmlThird Party Advisory
- https://scansnap.fujitsu.com/global/dl/Product, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-20722?
How severe is CVE-2021-20722?
How do I fix CVE-2021-20722?
Are you affected by CVE-2021-20722?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST