Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

PanteraSoft HDD Health search path or unquoted item vulnerability

Posted date 02/02/2024
Identificador
INCIBE-2024-0060
Importance
4 - High
Affected Resources
  • PanteraSoft HDD Health, versions 4.2.0.112 and earlier.
Description

INCIBE has coordinated the publication of a high severity vulnerability affecting HDD Health, a hard disk monitoring tool developed by PanteraSoft, which has been discovered by Jorge Manuel Lozano Gómez.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:

  • CVE-2024-1201: 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | CWE-428.
Solution

There is no reported solution at this time.

Detail

CVE-2024-1201: search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation.

References list
Product sheet - HDD Health
Etiquetas