PanteraSoft HDD Health search path or unquoted item vulnerability

Posted date 02/02/2024

Importance

4 - High

Affected Resources

PanteraSoft HDD Health, versions 4.2.0.112 and earlier.

Description

INCIBE has coordinated the publication of a high severity vulnerability affecting HDD Health, a hard disk monitoring tool developed by PanteraSoft, which has been discovered by Jorge Manuel Lozano Gómez.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:

CVE-2024-1201: 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | CWE-428.

Solution

There is no reported solution at this time.

Detail

CVE-2024-1201: search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation.

References list

Product sheet - HDD Health

Etiquetas

0day
CNA
Vulnerability