Skip to main content

Desktop CVE-2020-5537

CRITICAL
Improper Input Validation (CWE-20)
2020-05-25 vultures@jpcert.or.jp
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 25, 2020 - 06:15 nvd
CRITICAL 9.8

DescriptionNVD

Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.

AnalysisAI

Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. Affected products include: Cybozu Desktop.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-22879 HIGH POC
8.8 Apr 14

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowi

CVE-2020-8224 HIGH POC
7.8 Aug 10

A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL confi

CVE-2023-1802 HIGH POC
7.5 Apr 06

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the H

CVE-2020-8227 MEDIUM POC
6.8 Aug 21

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Serv

CVE-2020-8140 MEDIUM POC
6.7 Mar 20

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client wit

CVE-2020-10665 MEDIUM POC
6.7 Mar 18

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnost

CVE-2023-28997 MEDIUM POC
6.5 Apr 04

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.5), thi

CVE-2021-32728 MEDIUM POC
6.5 Aug 18

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Rated medium severity

CVE-2023-28999 MEDIUM POC
6.4 Apr 04

Nextcloud is an open-source productivity platform. Rated medium severity (CVSS 6.4), this vulnerability is remotely expl

CVE-2023-28998 MEDIUM POC
6.1 Apr 04

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.1), thi

CVE-2022-39333 MEDIUM POC
6.1 Nov 25

Nexcloud desktop is the Desktop sync client for Nextcloud. Rated medium severity (CVSS 6.1), this vulnerability is remot

CVE-2021-22895 MEDIUM POC
5.9 Jun 11

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate ve

Share

CVE-2020-5537 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy