Details of VAR-202005-1089

ID

VAR-202005-1089

TITLE

Beijing Jiekong Technology Co., Ltd. FameView has DLL hijacking vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-25094

DESCRIPTION

FameView configuration software is a high-performance configuration monitoring software based on Windows operating system, independently developed by FJView, which has many years of engineering application and service experience. FameView of Beijing Jiekong Technology Co., Ltd. has a DLL hijacking vulnerability, which can be exploited by an attacker by placing a specially crafted DLL file on the target system to execute arbitrary code and obtain server permissions.

Trust: 0.6

sources: CNVD: CNVD-2020-25094

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-25094

AFFECTED PRODUCTS

vendor:

jiekong

model:

fameview configuration software

scope:

version:

7.6.20.1

Trust: 0.6

sources: CNVD: CNVD-2020-25094

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-25094
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2020-25094
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-25094

PATCH

title:

FameView V7.6.20.1 has DLL hijacking vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/213165

Trust: 0.6

sources: CNVD: CNVD-2020-25094

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-25094

Trust: 0.6

sources: CNVD: CNVD-2020-25094

SOURCES

db:

CNVD

id:

CNVD-2020-25094

LAST UPDATE DATE

2022-05-04T10:25:45.191000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-25094

date:

2020-05-06T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-25094

date:

2020-05-23T00:00:00