Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-5569
HistoryApr 20, 2020 - 8:15 a.m.

CVE-2020-5569

2020-04-2008:15:15
CWE-428
[email protected]
web.nvd.nist.gov
1

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

33.3%

JSON

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.

Affected configurations

Nvd
Node
toshibahd-ma10tsMatch-
OR
toshibahd-ma10tyMatch-
OR
toshibahd-ma20tsMatch-
OR
toshibahd-ma20tyMatch-
OR
toshibahd-ma30tsMatch-
OR
toshibahd-ma30tyMatch-
OR
toshibahd-mb10tsMatch-
OR
toshibahd-mb10tyMatch-
OR
toshibahd-mb20tsMatch-
OR
toshibahd-mb20tyMatch-
OR
toshibahd-mb30tsMatch-
OR
toshibahd-mb30tyMatch-
OR
toshibahd-sa50gkMatch-
OR
toshibahd-sa50gsMatch-
OR
toshibahd-sb10tkMatch-
OR
toshibahd-sb10tsMatch-
OR
toshibahd-sb50gkMatch-
OR
toshibahd-sb50gsMatch-
AND
toshibapassword_tool_for_windowsRange1.20.6620
VendorProductVersionCPE
toshibahd-ma10ts-cpe:2.3:h:toshiba:hd-ma10ts:-:*:*:*:*:*:*:*
toshibahd-ma10ty-cpe:2.3:h:toshiba:hd-ma10ty:-:*:*:*:*:*:*:*
toshibahd-ma20ts-cpe:2.3:h:toshiba:hd-ma20ts:-:*:*:*:*:*:*:*
toshibahd-ma20ty-cpe:2.3:h:toshiba:hd-ma20ty:-:*:*:*:*:*:*:*
toshibahd-ma30ts-cpe:2.3:h:toshiba:hd-ma30ts:-:*:*:*:*:*:*:*
toshibahd-ma30ty-cpe:2.3:h:toshiba:hd-ma30ty:-:*:*:*:*:*:*:*
toshibahd-mb10ts-cpe:2.3:h:toshiba:hd-mb10ts:-:*:*:*:*:*:*:*
toshibahd-mb10ty-cpe:2.3:h:toshiba:hd-mb10ty:-:*:*:*:*:*:*:*
toshibahd-mb20ts-cpe:2.3:h:toshiba:hd-mb20ts:-:*:*:*:*:*:*:*
toshibahd-mb20ty-cpe:2.3:h:toshiba:hd-mb20ty:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 191

Related

jvn 1
cvelist 1
prion 1
cve 1
openvas 1
jvn
jvn
JVN#13467854: Toshiba Electronic Devices & Storage software registers unquoted service paths
2020-04-20 00:00:00
cvelist
cvelist
CVE-2020-5569
2020-04-20 07:25:14
prion
prion
Design/Logic Flaw
2020-04-20 08:15:00
cve
cve
CVE-2020-5569
2020-04-20 08:15:15
openvas
openvas
Microsoft Windows Unquoted Path Vulnerability (SMB Login)
2018-03-23 00:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

33.3%

JSON
Related for NVD:CVE-2020-5569
jvn1cvelist1prion1cve1openvas1