PT-2020-20396 · Western Digital · Western Digital Ssd Dashboard

Eli Paz

Published

2020-02-19

Updated

2020-02-27

CVE-2020-8959

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Western Digital WesternDigitalSSDDashboardSetup.exe versions prior to 3.0.2.0

Description The issue allows DLL Hijacking, which can be exploited due to a flaw in the Western Digital WesternDigitalSSDDashboardSetup.exe. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For versions prior to 3.0.2.0, update to version 3.0.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the loading of external DLLs by the WesternDigitalSSDDashboardSetup.exe until a patch is applied.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2020-8959

Affected Products

Western Digital Ssd Dashboard

PT-2020-20396 · Western Digital · Western Digital Ssd Dashboard

CVE-2020-8959

Weakness Enumeration

Related Identifiers

Affected Products

References · 5