JpcertCVE-2020-5569CVE-2020-5569
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
33.3%
An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| toshiba | hd-ma10ts | - | cpe:2.3:h:toshiba:hd-ma10ts:-:*:*:*:*:*:*:* |
| toshiba | hd-ma10ty | - | cpe:2.3:h:toshiba:hd-ma10ty:-:*:*:*:*:*:*:* |
| toshiba | hd-ma20ts | - | cpe:2.3:h:toshiba:hd-ma20ts:-:*:*:*:*:*:*:* |
| toshiba | hd-ma20ty | - | cpe:2.3:h:toshiba:hd-ma20ty:-:*:*:*:*:*:*:* |
| toshiba | hd-ma30ts | - | cpe:2.3:h:toshiba:hd-ma30ts:-:*:*:*:*:*:*:* |
| toshiba | hd-ma30ty | - | cpe:2.3:h:toshiba:hd-ma30ty:-:*:*:*:*:*:*:* |
| toshiba | hd-mb10ts | - | cpe:2.3:h:toshiba:hd-mb10ts:-:*:*:*:*:*:*:* |
| toshiba | hd-mb10ty | - | cpe:2.3:h:toshiba:hd-mb10ty:-:*:*:*:*:*:*:* |
| toshiba | hd-mb20ts | - | cpe:2.3:h:toshiba:hd-mb20ts:-:*:*:*:*:*:*:* |
| toshiba | hd-mb20ty | - | cpe:2.3:h:toshiba:hd-mb20ty:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "HDD Password tool (for Windows)",
"vendor": "Toshiba Electronic Devices & Storage Corporation",
"versions": [
{
"status": "affected",
"version": "version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10"
}
]
}
]Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
33.3%