CVE-2021-35230 – Unquoted Path Vulnerability (SMB Login) in Kiwi CatTools

https://notcve.org/view.php?id=CVE-2021-35230

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Como resultado de una vulnerabilidad de ruta de servicio no citada presente en el Asistente de Instalación de Kiwi CatTools, un atacante local podría alcanzar privilegios escalados al insertar un ejecutable en la ruta del servicio afectado o en la entrada de desinstalación • https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35230 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •