CVE-2020-37119 – Nsauditor Remote Code Execution Vulnerability

CVSS 9.8 CRITICAL

“A malicious network file could turn a trusted auditing tool into a gateway for attackers.”

This patch addresses a high-severity vulnerability (CVE-2020-37119) affecting Nsauditor, a network security auditing and monitoring tool. The issue exists in the application’s handling of certain crafted project or network data files, where improper memory management can lead to memory corruption.

An attacker can exploit this weakness by persuading a user to open a maliciously crafted file within Nsauditor. When processed, the file can trigger remote code execution, allowing attackers to run arbitrary commands on the affected system with the privileges of the user. CVE-2020-37119 carries a CVSS v3.1 score of 7.8 (High).

Updates to the software correct the unsafe memory handling and improve validation when processing external data files. Systems running vulnerable versions remain exposed until the patched version of Nsauditor is installed.

Key Details

Affected Product: Nsasoft Nsauditor
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
CWE Classification: CWE-121