CVE-2021-44595

Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Common Weakness Enumeration
References
http://dr.com
http://packetstormsecurity.com/files/167036/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
http://wondershare.com
https://medium.com/%40tomerp_77017/wondershell-a82372914f26
http://dr.com
http://packetstormsecurity.com/files/167036/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
http://wondershare.com
https://medium.com/%40tomerp_77017/wondershell-a82372914f26