PT-2023-26383 · Minitool · Minitool Power Data Recovery
0Dr3F
·
Published
2023-09-19
·
Updated
2023-09-22
·
CVE-2023-38356
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MiniTool Power Data Recovery version 11.6
Description
The issue is related to an insecure installation process in MiniTool Power Data Recovery, which can be exploited through a man-in-the-middle attack, allowing attackers to achieve remote code execution.
Recommendations
For MiniTool Power Data Recovery version 11.6, update to a newer version that addresses the insecure installation process to prevent remote code execution through man-in-the-middle attacks.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Minitool Power Data Recovery