CVE-2024-1201

EPSS 0.19%
Veröffentlicht 02.02.2024 12:15:49
Zuletzt bearbeitet 21.11.2024 08:50:01
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

PanteraSoft HDD Health search path or unquoted item vulnerability

Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Panterasoft ≫ Hdd Health Version <= 4.2.0.112

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.092

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve-coordination@incibe.es	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

https://www.incibe.es/en/incibe-cert/notices/aviso/panterasoft-hdd-health-search-path-or-unquoted-item-vulnerability

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-1201

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1201

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1201

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-1201