CVE-2018-20341

EPSS 0.06%
Veröffentlicht 08.04.2019 15:29:01
Zuletzt bearbeitet 21.11.2024 04:01:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable is enclosed in quote tags "" then the system will know where to find it. However if the path of where the application binary is located doesn't contain any quotes then Windows will try to find it and execute it inside every folder of this path until they reach the executable.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Winmagic ≫ Securedoc Disk Encryption Version < 8.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.153

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

http://downloads.winmagic.info/manuals/Release_Notes_8.3.pdf

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2018-20341

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-20341

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-20341

EUVD