CVE-2024-1201

Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/panterasoft-hdd-health-search-path-or-unquoted-item-vulnerability	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:panterasoft:hdd_health:*:*:*:*:*:*:*:*

History

09 Feb 2024, 19:27

Type	Values Removed	Values Added
CPE		cpe:2.3:a:panterasoft:hdd_health::::::::
References	~~() https://www.incibe.es/en/incibe-cert/notices/aviso/panterasoft-hdd-health-search-path-or-unquoted-item-vulnerability -~~	() https://www.incibe.es/en/incibe-cert/notices/aviso/panterasoft-hdd-health-search-path-or-unquoted-item-vulnerability - Third Party Advisory
First Time		Panterasoft Panterasoft hdd Health

02 Feb 2024, 13:36

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de ruta de búsqueda o elemento sin comillas en HDD Health que afecta a las versiones 4.2.0.112 y anteriores. Esta vulnerabilidad podría permitir que un atacante local almacene un archivo ejecutable malicioso dentro de la ruta de búsqueda sin comillas, lo que resultaría en una escalada de privilegios.

02 Feb 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-02 12:15

Updated : 2024-02-09 19:27

NVD link : CVE-2024-1201

Mitre link : CVE-2024-1201

CVE.ORG link : CVE-2024-1201

JSON object : View

Products Affected

panterasoft

hdd_health

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2024-1201", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-02-02T12:15:49.357", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/panterasoft-hdd-health-search-path-or-unquoted-item-vulnerability", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda o elemento sin comillas en HDD Health que afecta a las versiones 4.2.0.112 y anteriores. Esta vulnerabilidad podr\u00eda permitir que un atacante local almacene un archivo ejecutable malicioso dentro de la ruta de b\u00fasqueda sin comillas, lo que resultar\u00eda en una escalada de privilegios."}], "lastModified": "2024-02-09T19:27:29.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:panterasoft:hdd_health:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B863BB2C-BD8B-4647-93FB-749C1761DED8", "versionEndIncluding": "4.2.0.112"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@incibe.es"}