본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7861 | AnySupport directory traversing vulnerability2021.04.22
□ Overview
o Koino released security update to address arbitrary file execution through directory traversing vulnerability
in AnySupport(Remote support solution).
Vulnerability Type Impact Severity CVSS Score CVE ID
directory traversing arbitrary file execution High 8.4 CVE-2020-7861
 
□ Description
o AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file
from a management PC to a client PC. This can be lead to arbitrary file execution.(CVE-2020-7861)
 
□ Affected Product
 
Product Version OS
KoinoFTServerDLL.dll 2019.3.21.0 Windows

□ Solution
 o Update program over AnySupport 2019.3.21.0 version or higher.

□ Acknowledgements
 o Thanks to Jeongun Baek for reporting these vulnerabilities.

□ Reference
 [1] https://anysupport.net


□ 작성 : 침해사고분석단 취약점분석팀