← Retour aux CVEs

CVE-2020-11614

HIGH

8.1

Description

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.

Details CVE

Score CVSS v3.18.1

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteHIGH

Privileges requisNONE

Interaction utilisateurNONE

Publie6/11/2020

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

mids\'_reborn_hero_designer_project:mids\'_reborn_hero_designer

Faiblesses (CWE)

CWE-319CWE-345

References

https://github.com/Crytilis/mids-reborn-hero-designer/releases(cve@mitre.org)

https://www.doyler.net/security-not-included/mids-reborn-vulnerabilities(cve@mitre.org)

https://github.com/Crytilis/mids-reborn-hero-designer/releases(af854a3a-2127-422b-91ae-364da2661108)

https://www.doyler.net/security-not-included/mids-reborn-vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.