CVE-2021-27574 Information

Description

An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check and request updates. Thus attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update with no SSL errors or warnings.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://axelp.io/MouseTrap https://remotemouse.net/blog/

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.1