Main Vulnerability Database SB2020042005

SB2020042005 - Unquoted Search Path or Element in Toshiba HDD Password tool for Windows

Published: April 20, 2020

Security Bulletin ID SB2020042005

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Unquoted Search Path or Element (CVE-ID: CVE-2020-5569)

The vulnerability allows a local attacker to escalate privileges on the target system.

The vulnerability exists due to the affected software registers Windows services with unquoted file paths. When a registered path contains spaces, a local attacker can place a malicious executable on a certain path and execute it with the privilege of the Windows service.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://jvn.jp/en/jp/JVN13467854/index.html

SB2020042005 - Unquoted Search Path or Element in Toshiba HDD Password tool for Windows

Breakdown by Severity

Description

Remediation

References

Please verify you're human