CVE-2020-5569

Published: Apr 20, 2020Modified: Nov 21, 2024

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.5 / Impact: 5.9

Source: NVD

Description

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.

Affected (1)

Products: Toshiba: Password Tool For Windows

Toshiba

1 product

Password Tool For Windows

Configuration A

1 vulnerable · 18 platform

Vulnerable Software	Affected Versions
Toshiba Password Tool For Windows	Up to 1.20.6620

Running on/with	Platform Versions
Toshiba Hd Ma10ts	All versions
Toshiba Hd Ma10ty	All versions
Toshiba Hd Ma20ts	All versions
Toshiba Hd Ma20ty	All versions
Toshiba Hd Ma30ts	All versions
Toshiba Hd Ma30ty	All versions
Toshiba Hd Mb10ts	All versions
Toshiba Hd Mb10ty	All versions
Toshiba Hd Mb20ts	All versions
Toshiba Hd Mb20ty	All versions
Toshiba Hd Mb30ts	All versions
Toshiba Hd Mb30ty	All versions
Toshiba Hd Sa50gk	All versions
Toshiba Hd Sa50gs	All versions
Toshiba Hd Sb10tk	All versions
Toshiba Hd Sb10ts	All versions
Toshiba Hd Sb50gk	All versions
Toshiba Hd Sb50gs	All versions