CVE-2020-5569

EPSS 0.16%
Veröffentlicht 20.04.2020 08:15:15
Zuletzt bearbeitet 21.11.2024 05:34:17
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Toshiba ≫ Password Tool For Windows Version <= 1.20.6620

   Toshiba ≫ Hd-ma10ts Version-
   Toshiba ≫ Hd-ma10ty Version-
   Toshiba ≫ Hd-ma20ts Version-
   Toshiba ≫ Hd-ma20ty Version-
   Toshiba ≫ Hd-ma30ts Version-
   Toshiba ≫ Hd-ma30ty Version-
   Toshiba ≫ Hd-mb10ts Version-
   Toshiba ≫ Hd-mb10ty Version-
   Toshiba ≫ Hd-mb20ts Version-
   Toshiba ≫ Hd-mb20ty Version-
   Toshiba ≫ Hd-mb30ts Version-
   Toshiba ≫ Hd-mb30ty Version-
   Toshiba ≫ Hd-sa50gk Version-
   Toshiba ≫ Hd-sa50gs Version-
   Toshiba ≫ Hd-sb10tk Version-
   Toshiba ≫ Hd-sb10ts Version-
   Toshiba ≫ Hd-sb50gk Version-
   Toshiba ≫ Hd-sb50gs Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.376

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

https://jvn.jp/en/jp/JVN13467854/index.html

Third Party Advisory

https://www.canvio.jp/news/20200420.htm

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5569

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5569

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5569

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-5569