CVE-2020-5569
Severity Score
8.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.
Existe una vulnerabilidad de ruta de búsqueda sin comillas en la herramienta de contraseña HDD (para Windows) versión 1.20.6620 y anteriores que se almacena en CANVIO PREMIUM 3TB (HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB (HD -MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB (HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB (HD-SB10TK, HD-SB10TS), y CANVIO SLIM 500GB (HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), y que se descargó antes de 2020 el 10 de mayo. Ya que registra los servicios de Windows con rutas de archivos sin comillas, cuando una ruta registrada contiene espacios y un el ejecutable malicioso se coloca en una ruta determinada, puede ejecutarse con el privilegio del servicio de Windows.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-06 CVE Reserved
- 2020-04-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-428: Unquoted Search Path or Element
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/jp/JVN13467854/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.canvio.jp/news/20200420.htm | 2020-05-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-ma10ts Search vendor "Toshiba" for product "Hd-ma10ts" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-ma10ty Search vendor "Toshiba" for product "Hd-ma10ty" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-ma20ts Search vendor "Toshiba" for product "Hd-ma20ts" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-ma20ty Search vendor "Toshiba" for product "Hd-ma20ty" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-ma30ts Search vendor "Toshiba" for product "Hd-ma30ts" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-ma30ty Search vendor "Toshiba" for product "Hd-ma30ty" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-mb10ts Search vendor "Toshiba" for product "Hd-mb10ts" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-mb10ty Search vendor "Toshiba" for product "Hd-mb10ty" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-mb20ts Search vendor "Toshiba" for product "Hd-mb20ts" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-mb20ty Search vendor "Toshiba" for product "Hd-mb20ty" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-mb30ts Search vendor "Toshiba" for product "Hd-mb30ts" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-mb30ty Search vendor "Toshiba" for product "Hd-mb30ty" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-sa50gk Search vendor "Toshiba" for product "Hd-sa50gk" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-sa50gs Search vendor "Toshiba" for product "Hd-sa50gs" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-sb10tk Search vendor "Toshiba" for product "Hd-sb10tk" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-sb10ts Search vendor "Toshiba" for product "Hd-sb10ts" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-sb50gk Search vendor "Toshiba" for product "Hd-sb50gk" | - | - |
Safe
|
| Toshiba Search vendor "Toshiba" | Password Tool For Windows Search vendor "Toshiba" for product "Password Tool For Windows" | <= 1.20.6620 Search vendor "Toshiba" for product "Password Tool For Windows" and version " <= 1.20.6620" | - |
Affected
| in | Toshiba Search vendor "Toshiba" | Hd-sb50gs Search vendor "Toshiba" for product "Hd-sb50gs" | - | - |
Safe
|