github - ghsa-mg44-xqjw-5phc

ghsa-mg44-xqjw-5phc

Vulnerability from github

Published

2022-05-24 17:15

Modified

2022-05-24 17:15

Details

An unquoted search path vulnerability exists HDD Password tool (for Windows) in version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5569"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-20T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An unquoted search path vulnerability exists HDD Password tool (for Windows) in version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10.",
  "id": "GHSA-mg44-xqjw-5phc",
  "modified": "2022-05-24T17:15:50Z",
  "published": "2022-05-24T17:15:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5569"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN13467854/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.canvio.jp/news/20200420.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2020-5569 (GCVE-0-2020-5569)

Vulnerability from cvelistv5

Published

2020-04-20 07:25

Modified

2024-08-04 08:30

Severity ?

CWE

Unquoted Search Path or Element

Summary

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.

References

URL

Tags

	https://www.canvio.jp/news/20200420.htm	x_refsource_MISC
	https://jvn.jp/en/jp/JVN13467854/index.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Toshiba Electronic Devices & Storage Corporation	HDD Password tool (for Windows)	Version: version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10

Show details on NVD website