CVE-2020-7861 in AnySupportinfo

Summary

by MITRE • 04/23/2021

AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 04/29/2021

The vulnerability identified as CVE-2020-7861 affects AnySupport, a remote support solution that enables administrators to manage client computers remotely. This particular flaw exists in versions prior to 2019.3.21.0 and represents a critical directory traversal vulnerability that stems from improper handling of file paths during remote file operations. The vulnerability specifically involves the swprintf function which is responsible for copying files from a management PC to a client PC, creating a pathway for malicious actors to exploit the system's file handling mechanisms.

The technical flaw manifests through the insecure use of the swprintf function, which fails to properly validate or sanitize file paths during the copy operation between management and client systems. This inadequate input validation allows attackers to manipulate the file path parameters and traverse directories outside of the intended scope. The vulnerability operates at the system level where remote file operations are processed, enabling attackers to craft malicious file paths that bypass normal access controls and directory restrictions. The flaw essentially allows for arbitrary file execution because the system does not properly validate the destination paths, permitting attackers to write files to arbitrary locations on the target system.

The operational impact of this vulnerability is severe and multifaceted, as it provides attackers with the capability to execute arbitrary code on compromised systems. Once exploited, the vulnerability enables attackers to install malicious software, modify system files, or establish persistent access to the target environment. The remote nature of the attack means that exploitation can occur from outside the network perimeter without requiring physical access or prior authentication to the system. This vulnerability particularly affects enterprise environments where remote support solutions are commonly deployed, as it can be leveraged to gain unauthorized access to critical infrastructure and sensitive data repositories.

Organizations should implement immediate mitigations including updating to AnySupport version 2019.3.21.0 or later, which contains the necessary patches to address the directory traversal vulnerability. Network segmentation and access controls should be strengthened to limit the exposure of remote support systems, while monitoring should be enhanced to detect anomalous file operations. The vulnerability aligns with CWE-22, which describes improper limitation of a pathname to a restricted directory, and represents a classic example of path traversal attacks that are commonly mapped to ATT&CK technique T1059.007 for command and script interpreter. Additionally, this vulnerability demonstrates the importance of proper input validation and secure coding practices in remote administration tools, particularly those handling file operations across network boundaries. Organizations should also consider implementing network-based intrusion detection systems and regular security assessments to identify similar vulnerabilities in other remote support solutions and enterprise applications.

Responsible

KrCERT/CC

Reservation

01/22/2020

Disclosure

04/23/2021

Moderation

accepted

CPE

ready

EPSS

0.01453

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!