PT-2024-2140 · Sandisk · Sandisk Privateaccess

Alexander Huaman Jaimes

Published

2024-03-05

Updated

2024-06-24

CVE-2024-22167

CVSS v3.1

7.9

High

Vector

AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions SanDisk PrivateAccess (affected versions not specified)

Description A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows could lead to arbitrary code execution in the context of the system user. This issue is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained access into a user's system. The attack is limited to the system in context and cannot be propagated.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Untrusted Search Path

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426CWE-427

Related Identifiers

BDU:2024-02049

CVE-2024-22167

Affected Products

Sandisk Privateaccess

PT-2024-2140 · Sandisk · Sandisk Privateaccess

CVE-2024-22167

Weakness Enumeration

Related Identifiers

Affected Products

References · 6