Vulnerability Name:

CVE-2020-7807

Assigned:2020-09-14
Published:2020-09-14
Updated:2020-09-21
Summary:A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
1.9 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-354
References:Source: MITRE
Type: CNA
CVE-2020-7807

Source: MISC
Type: Vendor Advisory
https://lgsecurity.lge.com/

Source: MISC
Type: Third Party Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587

Vulnerable Configuration:Configuration 1:
  • cpe:/a:lg:ipsfullhd:1.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:lg:lg_ultrawide:1.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:lg:lgpcsuite_setup:1.0.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:lg:ultra_hd_driver_setup:1.0.0.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2020-7807 (CCN-188253)

    Assigned:2020-09-08
    Published:2020-09-08
    Updated:2020-09-21
    Summary:A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).
    CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
    4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): Required
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): High
    Availibility (A): None
    8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
    7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    CVSS v2 Severity:1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availibility (A): None
    7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    Vulnerability Type:CWE-354
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2020-7807

    Source: XF
    Type: UNKNOWN
    lg-cve20207807-code-exec(188253)

    Source: CCN
    Type: LG Security Web site
    LG Security Bulletins

    Source: MISC
    Type: Vendor Advisory
    https://lgsecurity.lge.com/

    Source: CCN
    Type: KrCERT Security Advisory 35587
    CVE-2020-7807 | DLL Hijacking Vulnerabilities During Installation of LG Electronics Software

    Source: MISC
    Type: Third Party Advisory
    https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35587

    BACK
    lg ipsfullhd 1.0.0.3
    lg lg ultrawide 1.0.0.3
    lg lgpcsuite setup 1.0.0.9
    lg ultra hd driver setup 1.0.0.3
    microsoft windows -