Risk | High |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2020-11560 CVE-2020-11561 |
CWE-ID | CWE-522 CWE-269 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Express Invoice Client/Desktop applications / Office applications |
Vendor | NCH Software |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU34530
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-11560
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
MitigationInstall update from vendor's website.
Vulnerable software versionsExpress Invoice: 7.25
External linkshttp://tejaspingulkar.blogspot.com/2020/03/cve-cve-2020-11560-title-clear-text.html
http://www.youtube.com/watch?v=V0BWq33qVCs&feature=youtu.be
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU34531
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-11561
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to execute arbitrary code.
In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.
MitigationInstall update from vendor's website.
Vulnerable software versionsExpress Invoice: 7.25
External linkshttp://tejaspingulkar.blogspot.com
http://tejaspingulkar.blogspot.com/2020/03/cve-cve-2020-11561-title-escalation-via.html
http://youtu.be/-i2KtBgO3Kw
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.