Unquoted Search Path or Element in Toshiba HDD Password tool for Windows



Published: 2020-04-20
Risk: Low
Patch available: NO
Number of vulnerabilities: 1
CVE-ID: CVE-2020-5569
CWE-ID: CWE-428
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
CANVIO PREMIUM 3TB HD-MB30TY
Hardware solutions / Other hardware appliances

CANVIO PREMIUM 3TB HD-MA30TY
Hardware solutions / Other hardware appliances

CANVIO PREMIUM 3TB HD-MB30TS
Hardware solutions / Other hardware appliances

CANVIO PREMIUM 3TB HD-MA30TS
Hardware solutions / Other hardware appliances

CANVIO PREMIUM 2TB HD-MB20TY
Hardware solutions / Other hardware appliances

CANVIO PREMIUM 2TB HD-MA20TY
Hardware solutions / Other hardware appliances

CANVIO PREMIUM 2TB HD-MB20TS
Hardware solutions / Other hardware appliances

CANVIO PREMIUM 2TB HD-MA20TS
Hardware solutions / Other hardware appliances

CANVIO PREMIUM 1TB HD-MB10TY
Hardware solutions / Other hardware appliances

CANVIO PREMIUM 1TB HD-MA10TY
Hardware solutions / Other hardware appliances

CANVIO PREMIUM 1TB HD-MB10TS
Hardware solutions / Other hardware appliances

CANVIO PREMIUM 1TB HD-MA10TS
Hardware solutions / Other hardware appliances

CANVIO SLIM 1TB HD-SB10TK
Hardware solutions / Other hardware appliances

CANVIO SLIM 1TB HD-SB10TS
Hardware solutions / Other hardware appliances

CANVIO SLIM 500GB HD-SB50GK
Hardware solutions / Other hardware appliances

CANVIO SLIM 500GB HD-SA50GK
Hardware solutions / Other hardware appliances

CANVIO SLIM 500GB HD-SB50GS
Hardware solutions / Other hardware appliances

CANVIO SLIM 500GB HD-SA50GS
Hardware solutions / Other hardware appliances

HDD Password tool
Other software / Other software solutions

Vendor: Toshiba

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Unquoted Search Path or Element

EUVDB-ID: #VU27021

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-5569

CWE-ID: CWE-428 - Unquoted Search Path or Element

Exploit availability: No

Description

The vulnerability allows a local attacker to escalate privileges on the target system.

The vulnerability exists because the affected software registers Windows services with unquoted file paths. When a registered path contains spaces, a local attacker can place a malicious executable on a certain path and have it executed with the privileges of the Windows service.
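
A defender can check for this weakness class by inspecting the ImagePath value of each registered service. The following is an added example, not part of the bulletin or of Toshiba's software; the service names and paths are constructed. It flags unquoted executable paths that contain spaces and proposes the quoted form, which is the general remediation for CWE-428 and not a vendor fix.

```python
import re

# Executable portion of an unquoted command line: everything up to the first
# .exe/.com/.bat/.cmd that is followed by whitespace or the end of the string.
_EXE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd))(?=\s|$)', re.IGNORECASE)


def audit_image_path(image_path):
    """Classify one service ImagePath value.

    Returns (status, suggestion). status is 'quoted', 'ok', 'review' or
    'unquoted'; suggestion is the quoted form when status is 'unquoted'.
    """
    value = image_path.strip()
    if value.startswith('"'):
        return ("quoted", None)
    match = _EXE.match(value)
    if match is None:
        # No recognisable executable name (for example a driver path):
        # only worth a manual look if it contains a space at all.
        return ("review" if " " in value else "ok", None)
    exe, rest = match.group(1), value[match.end():]
    if " " not in exe:
        return ("ok", None)  # any spaces are in the arguments only
    return ("unquoted", f'"{exe}"{rest}')


def audit_services(services):
    """Return {service name: suggested ImagePath} for each unquoted path."""
    findings = {}
    for name, path in services.items():
        status, suggestion = audit_image_path(path)
        if status == "unquoted":
            findings[name] = suggestion
    return findings


# Constructed sample data; on a real host these values come from
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
SAMPLE_SERVICES = {
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\svc.exe" --run',
    "ExampleUnquoted": r'C:\Program Files\Example Vendor\svc.exe --run',
    "ExampleArgsOnly": r'C:\Tools\agent.exe --config C:\My Data\a.ini',
    "ExampleDriver": r'\SystemRoot\System32\drivers\example.sys',
}

if __name__ == "__main__":
    for name, suggestion in audit_services(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces; quoted form: {suggestion}")
```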

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

CANVIO PREMIUM 3TB HD-MB30TY: All versions

CANVIO PREMIUM 3TB HD-MA30TY: All versions

CANVIO PREMIUM 3TB HD-MB30TS: All versions

CANVIO PREMIUM 3TB HD-MA30TS: All versions

CANVIO PREMIUM 2TB HD-MB20TY: All versions

CANVIO PREMIUM 2TB HD-MA20TY: All versions

CANVIO PREMIUM 2TB HD-MB20TS: All versions

CANVIO PREMIUM 2TB HD-MA20TS: All versions

CANVIO PREMIUM 1TB HD-MB10TY: All versions

CANVIO PREMIUM 1TB HD-MA10TY: All versions

CANVIO PREMIUM 1TB HD-MB10TS: All versions

CANVIO PREMIUM 1TB HD-MA10TS: All versions

CANVIO SLIM 1TB HD-SB10TK: All versions

CANVIO SLIM 1TB HD-SB10TS: All versions

CANVIO SLIM 500GB HD-SB50GK: All versions

CANVIO SLIM 500GB HD-SA50GK: All versions

CANVIO SLIM 500GB HD-SB50GS: All versions

CANVIO SLIM 500GB HD-SA50GS: All versions

HDD Password tool: 1.20.6620

External links

http://jvn.jp/en/jp/JVN13467854/index.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


