CVE Vulnerabilities

CVE-2020-7807

Missing Support for Integrity Check

Published: Sep 14, 2020 | Modified: Nov 21, 2024
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.x
1.9 LOW
AV:L/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in COMPONENT of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ATTACKER/ATTACK to cause IMPACT. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).

Weakness

The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

Affected Software

Name Vendor Start Version End Version
Ipsfullhd Lg 1.0.0.3 (including) 1.0.0.3 (including)
Lg_ultrawide Lg 1.0.0.3 (including) 1.0.0.3 (including)
Lgpcsuite_setup Lg 1.0.0.9 (including) 1.0.0.9 (including)
Ultra_hd_driver_setup Lg 1.0.0.3 (including) 1.0.0.3 (including)

Potential Mitigations

References