PT-2024-14036 · TD Bank · TD Advanced Dashboard Client
Published: 2024-02-21 · Updated: 2025-05-06 · CVE-2023-50975
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TD Bank TD Advanced Dashboard client through 3.0.3 for macOS
Description
The issue allows arbitrary code execution because the client lacks electron::fuses::IsRunAsNodeEnabled, which means ELECTRON_RUN_AS_NODE can be used in production. This makes it easier for a compromised process to access banking information.
Recommendations
For TD Bank TD Advanced Dashboard client through 3.0.3 for macOS, consider disabling the use of ELECTRON_RUN_AS_NODE in production until a patch is available. Restrict access to sensitive banking information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
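Added example (not part of the original advisory and not vendor code): a Python check that reads the fuse wire embedded in an Electron binary and reports whether the RunAsNode fuse is still on. It assumes Electron's documented fuse layout (a sentinel string, a version byte, a length byte, then one ASCII state byte per fuse with RunAsNode first); the function names and sample bytes are constructed for illustration.

```python
"""Audit an Electron executable for the RunAsNode fuse (defensive check)."""
import sys

# Sentinel string that precedes the fuse wire (assumption: Electron fuse v1 layout)
SENTINEL = b"dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX"
FUSE_V1_NAMES = ["RunAsNode", "EnableCookieEncryption",
                 "EnableNodeOptionsEnvironmentVariable",
                 "EnableNodeCliInspectArguments"]
STATES = {ord("0"): "disabled", ord("1"): "enabled", ord("r"): "removed"}


def read_fuse_wires(blob: bytes) -> list[dict]:
    """Return one {fuse_name: state} dict per fuse wire found in blob.
    A universal macOS binary carries one wire per architecture slice."""
    wires, pos = [], blob.find(SENTINEL)
    while pos != -1:
        hdr = pos + len(SENTINEL)
        if hdr + 2 > len(blob):
            raise ValueError("truncated fuse header")
        version, length = blob[hdr], blob[hdr + 1]
        if version != 1:
            raise ValueError(f"unsupported fuse version {version}")
        raw = blob[hdr + 2: hdr + 2 + length]
        if len(raw) != length:
            raise ValueError("truncated fuse wire")
        wire = {}
        for i, b in enumerate(raw):
            name = FUSE_V1_NAMES[i] if i < len(FUSE_V1_NAMES) else f"fuse[{i}]"
            wire[name] = STATES.get(b, f"unknown(0x{b:02x})")
        wires.append(wire)
        pos = blob.find(SENTINEL, hdr)
    return wires


def run_as_node_allowed(blob: bytes) -> bool:
    """True if any slice leaves RunAsNode usable, or if no fuse wire exists."""
    wires = read_fuse_wires(blob)
    return not wires or any(
        w.get("RunAsNode") not in ("disabled", "removed") for w in wires)


# Constructed sample bytes standing in for a binary (not taken from any real app)
SAMPLE_DEFAULT = b"\x00pad" + SENTINEL + bytes([1, 4]) + b"1010" + b"tail"
SAMPLE_HARDENED = b"\x00pad" + SENTINEL + bytes([1, 4]) + b"0100" + b"tail"

if __name__ == "__main__":
    path = sys.argv[1]  # e.g. the Electron Framework binary inside the .app bundle
    with open(path, "rb") as fh:
        print("RunAsNode usable:", run_as_node_allowed(fh.read()))
```

A binary with no fuse wire at all is reported as allowing run-as-node, since there is then no fuse to turn the behaviour off.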
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
TD Advanced Dashboard Client