CVE-2020-27544

moderate-risk
Published 2023-08-11

An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py.

Do I need to act?

~
2.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 9b619ae64443997948a36dda01b420578de1af77, 9b619ae64443997948a36dda01b420578de1af77
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Client Advanced Control

Affected Vendors

Foldingathome

References (2)

Patch https://github.com/FoldingAtHome/fah-control/commit/9b619ae64443997948a36dda01b4...
Patch https://github.com/FoldingAtHome/fah-control/commit/9b619ae64443997948a36dda01b4...
42
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 5/34 · Minimal
Exposure 5/34 · Minimal