PT-2020-18544 · Ibm · Hdd Password Tool

Published

2020-04-20

Updated

2020-05-05

CVE-2020-5569

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HDD Password tool versions 1.20.6620 and earlier

Description An unquoted search path issue exists in the HDD Password tool, which registers Windows services with unquoted file paths. If a registered path contains spaces and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.

Recommendations For HDD Password tool versions 1.20.6620 and earlier, consider updating to a version released after 2020 May 10 to resolve the issue. As a temporary workaround, ensure that no malicious executables are placed in paths that could be exploited by this vulnerability. Restrict access to sensitive areas of the system to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

CVE-2020-5569

Affected Products

Hdd Password Tool

PT-2020-18544 · Ibm · Hdd Password Tool

CVE-2020-5569

Weakness Enumeration

Related Identifiers

Affected Products

References · 5