Main Vulnerability Database SB2020052502

SB2020052502 - Remote code execution in Cybozu Desktop for Windows

Published: May 25, 2020

Security Bulletin ID SB2020052502

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insufficient verification of data authenticity (CVE-ID: CVE-2020-5537)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the improper data processing when applying the software update. A remote attacker can perform an attack, such as a man-in-the-middle (MITM), subdomain takeover, and etc. to execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

https://jvn.jp/en/jp/JVN59552136/index.html
https://kb.cybozu.support/article/36329/
https://cs.cybozu.co.jp/2020/007043.html