CVE-2020-7878
Published: 28 December 2021
Summary
CVE-2020-7878 is a critical-severity Missing Support for Integrity Check (CWE-353) vulnerability in 4Nb Videooffice. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 43.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-28810
Vulnerability details
An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Mandates provision of authenticity and integrity artifacts that enable verification of name/address resolution data.
Control requires verification of data authenticity/integrity (e.g., checksums) after aggregation/packing, directly reducing exploitation of insufficient verification before transmission.
Directly supplies the missing integrity verification mechanism the weakness describes.
Provenance documentation and monitoring directly enables verification of authenticity for components and data throughout their history.
The control implements verification mechanisms that detect tampering by ensuring data authenticity.
Irrefutable evidence of actions requires integrity protection to prevent tampering or alteration of records.
Implements required signature-based integrity verification, addressing missing support for integrity checks on components.
Directly requires independent verification of matching output before adverse decisions, mitigating insufficient authenticity checks on data from external sources.