CVE-2022-34866

Name of the Vulnerable Software and Affected Versions Passage Drive versions v1.4.0 to v1.5.1.0 Passage Drive for Box version v1.0.0

Description The issue is related to insufficient data verification for interprocess communication, which can be exploited by running a malicious program. This exploitation can lead to the execution of an arbitrary OS command with LocalSystem privilege of the Windows system where the product is running.

Recommendations For Passage Drive versions v1.4.0 to v1.5.1.0, consider disabling interprocess communication functionality until a patch is available. For Passage Drive for Box version v1.0.0, restrict the use of the vulnerable component to minimize the risk of exploitation. As a temporary workaround, avoid running untrusted programs on the Windows system where the product is installed.