CVE-2020-5569 - Vulnerability Details

Vendors	Products
Toshiba	Hd-ma10ts Hd-ma10ty Hd-ma20ts Hd-ma20ty Hd-ma30ts Hd-ma30ty Hd-mb10ts Hd-mb10ty Hd-mb20ts Hd-mb20ty Hd-mb30ts Hd-mb30ty Hd-sa50gk Hd-sa50gs Hd-sb10tk Hd-sb10ts Hd-sb50gk Hd-sb50gs Password Tool For Windows

Link	Providers
https://jvn.jp/en/jp/JVN13467854/index.html
https://www.canvio.jp/news/20200420.htm

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "HDD Password tool (for Windows)", "vendor": "Toshiba Electronic Devices & Storage Corporation", "versions": [{"status": "affected", "version": "version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10"}]}], "descriptions": [{"lang": "en", "value": "An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service."}], "problemTypes": [{"descriptions": [{"description": "Unquoted Search Path or Element", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-21T17:49:55", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.canvio.jp/news/20200420.htm"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN13467854/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2020-5569", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HDD Password tool (for Windows)", "version": {"version_data": [{"version_value": "version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10"}]}}]}, "vendor_name": "Toshiba Electronic Devices & Storage Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Unquoted Search Path or Element"}]}]}, "references": {"reference_data": [{"name": "https://www.canvio.jp/news/20200420.htm", "refsource": "MISC", "url": "https://www.canvio.jp/news/20200420.htm"}, {"name": "https://jvn.jp/en/jp/JVN13467854/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN13467854/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:30:24.635Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.canvio.jp/news/20200420.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/jp/JVN13467854/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2020-5569", "datePublished": "2020-04-20T07:25:14", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-08-04T08:30:24.635Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : HDD Password tool (for Windows) (string)

vendor : Toshiba Electronic Devices & Storage Corporation (string)

versions : [ »

0 : { »

status : affected (string)

version : version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Unquoted Search Path or Element (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-04-21T17:49:55 (string)

orgId : ede6fdc4-6654-4307-a26d-3331c018e2ce (string)

shortName : jpcert (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.canvio.jp/news/20200420.htm (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://jvn.jp/en/jp/JVN13467854/index.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : vultures@jpcert.or.jp (string)

ID : CVE-2020-5569 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : HDD Password tool (for Windows) (string)

version : { »

version_data : [ »

0 : { »

version_value : version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10 (string)

}

]

}

]

}

vendor_name : Toshiba Electronic Devices & Storage Corporation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Unquoted Search Path or Element (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.canvio.jp/news/20200420.htm (string)

refsource : MISC (string)

url : https://www.canvio.jp/news/20200420.htm (string)

}

1 : { »

name : https://jvn.jp/en/jp/JVN13467854/index.html (string)

refsource : MISC (string)

url : https://jvn.jp/en/jp/JVN13467854/index.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T08:30:24.635Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.canvio.jp/news/20200420.htm (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://jvn.jp/en/jp/JVN13467854/index.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : ede6fdc4-6654-4307-a26d-3331c018e2ce (string)

assignerShortName : jpcert (string)

cveId : CVE-2020-5569 (string)

datePublished : 2020-04-20T07:25:14 (string)

dateReserved : 2020-01-06T00:00:00 (string)

dateUpdated : 2024-08-04T08:30:24.635Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:toshiba:password_tool_for_windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "A88950F0-8BB2-405E-9DEC-717481228E09", "versionEndIncluding": "1.20.6620", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:toshiba:hd-ma10ts:-:*:*:*:*:*:*:*", "matchCriteriaId": "38439357-BA60-4B05-9BEA-63BD574BC79B", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-ma10ty:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA86A6CF-64AC-4BEA-BC94-7D1E9AE13765", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-ma20ts:-:*:*:*:*:*:*:*", "matchCriteriaId": "819E930D-B646-4BD6-9348-6BC436BA9DDB", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-ma20ty:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EECF3EF-BA4F-4CC5-8C45-3D6B977EFBA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-ma30ts:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E66B79A-A8FF-4D59-93CB-FACDD9A4EEA1", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-ma30ty:-:*:*:*:*:*:*:*", "matchCriteriaId": "08C9D23F-5932-40A2-9755-0B8D3BE43BD4", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-mb10ts:-:*:*:*:*:*:*:*", "matchCriteriaId": "D08DD4B1-2115-4351-99B1-715BA6FE1912", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-mb10ty:-:*:*:*:*:*:*:*", "matchCriteriaId": "37A727F4-0610-4348-8DED-7E170F431BC6", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-mb20ts:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA3651CC-0845-4F4C-8AE7-AF7F2663025D", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-mb20ty:-:*:*:*:*:*:*:*", "matchCriteriaId": "F45EF034-6B65-4C08-8965-21882627B508", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-mb30ts:-:*:*:*:*:*:*:*", "matchCriteriaId": "1960457E-620E-44E9-B678-0E0283486F4A", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-mb30ty:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABC2FEC1-92F4-4242-BA71-BEB12D2572F0", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-sa50gk:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF1A2641-8ADA-4133-848E-469ED1B86AAA", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-sa50gs:-:*:*:*:*:*:*:*", "matchCriteriaId": "8047B58B-5FFC-4CF4-A273-28139631C2E0", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-sb10tk:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CC78FD2-11A4-46ED-A357-5CF71A925F37", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-sb10ts:-:*:*:*:*:*:*:*", "matchCriteriaId": "84030F94-92CB-4BDF-8424-0EDA4B8F01C2", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-sb50gk:-:*:*:*:*:*:*:*", "matchCriteriaId": "B72AA05F-EEF1-40AF-8421-881216FA870B", "vulnerable": false}, {"criteria": "cpe:2.3:h:toshiba:hd-sb50gs:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0E8E5A4-3FDB-46A4-895B-8742D1526AE1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service."}, {"lang": "es", "value": "Existe una vulnerabilidad de ruta de b\u00fasqueda sin comillas en la herramienta de contrase\u00f1a HDD (para Windows) versi\u00f3n 1.20.6620 y anteriores que se almacena en CANVIO PREMIUM 3TB (HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB (HD -MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB (HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB (HD-SB10TK, HD-SB10TS), y CANVIO SLIM 500GB (HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), y que se descarg\u00f3 antes de 2020 el 10 de mayo. Ya que registra los servicios de Windows con rutas de archivos sin comillas, cuando una ruta registrada contiene espacios y un el ejecutable malicioso se coloca en una ruta determinada, puede ejecutarse con el privilegio del servicio de Windows."}], "id": "CVE-2020-5569", "lastModified": "2024-11-21T05:34:17.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-20T08:15:15.130", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN13467854/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.canvio.jp/news/20200420.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN13467854/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.canvio.jp/news/20200420.htm"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:toshiba:password_tool_for_windows:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A88950F0-8BB2-405E-9DEC-717481228E09 (string)

versionEndIncluding : 1.20.6620 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:toshiba:hd-ma10ts:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 38439357-BA60-4B05-9BEA-63BD574BC79B (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:h:toshiba:hd-ma10ty:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EA86A6CF-64AC-4BEA-BC94-7D1E9AE13765 (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:h:toshiba:hd-ma20ts:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 819E930D-B646-4BD6-9348-6BC436BA9DDB (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:h:toshiba:hd-ma20ty:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3EECF3EF-BA4F-4CC5-8C45-3D6B977EFBA9 (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:h:toshiba:hd-ma30ts:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3E66B79A-A8FF-4D59-93CB-FACDD9A4EEA1 (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:h:toshiba:hd-ma30ty:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 08C9D23F-5932-40A2-9755-0B8D3BE43BD4 (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:h:toshiba:hd-mb10ts:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D08DD4B1-2115-4351-99B1-715BA6FE1912 (string)

vulnerable : false (boolean)

}

7 : { »

criteria : cpe:2.3:h:toshiba:hd-mb10ty:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 37A727F4-0610-4348-8DED-7E170F431BC6 (string)

vulnerable : false (boolean)

}

8 : { »

criteria : cpe:2.3:h:toshiba:hd-mb20ts:-:*:*:*:*:*:*:* (string)

matchCriteriaId : CA3651CC-0845-4F4C-8AE7-AF7F2663025D (string)

vulnerable : false (boolean)

}

9 : { »

criteria : cpe:2.3:h:toshiba:hd-mb20ty:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F45EF034-6B65-4C08-8965-21882627B508 (string)

vulnerable : false (boolean)

}

10 : { »

criteria : cpe:2.3:h:toshiba:hd-mb30ts:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1960457E-620E-44E9-B678-0E0283486F4A (string)

vulnerable : false (boolean)

}

11 : { »

criteria : cpe:2.3:h:toshiba:hd-mb30ty:-:*:*:*:*:*:*:* (string)

matchCriteriaId : ABC2FEC1-92F4-4242-BA71-BEB12D2572F0 (string)

vulnerable : false (boolean)

}

12 : { »

criteria : cpe:2.3:h:toshiba:hd-sa50gk:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DF1A2641-8ADA-4133-848E-469ED1B86AAA (string)

vulnerable : false (boolean)

}

13 : { »

criteria : cpe:2.3:h:toshiba:hd-sa50gs:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8047B58B-5FFC-4CF4-A273-28139631C2E0 (string)

vulnerable : false (boolean)

}

14 : { »

criteria : cpe:2.3:h:toshiba:hd-sb10tk:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1CC78FD2-11A4-46ED-A357-5CF71A925F37 (string)

vulnerable : false (boolean)

}

15 : { »

criteria : cpe:2.3:h:toshiba:hd-sb10ts:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 84030F94-92CB-4BDF-8424-0EDA4B8F01C2 (string)

vulnerable : false (boolean)

}

16 : { »

criteria : cpe:2.3:h:toshiba:hd-sb50gk:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B72AA05F-EEF1-40AF-8421-881216FA870B (string)

vulnerable : false (boolean)

}

17 : { »

criteria : cpe:2.3:h:toshiba:hd-sb50gs:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B0E8E5A4-3FDB-46A4-895B-8742D1526AE1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service. (string)

}

1 : { »

lang : es (string)

value : Existe una vulnerabilidad de ruta de búsqueda sin comillas en la herramienta de contraseña HDD (para Windows) versión 1.20.6620 y anteriores que se almacena en CANVIO PREMIUM 3TB (HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB (HD -MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB (HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB (HD-SB10TK, HD-SB10TS), y CANVIO SLIM 500GB (HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), y que se descargó antes de 2020 el 10 de mayo. Ya que registra los servicios de Windows con rutas de archivos sin comillas, cuando una ruta registrada contiene espacios y un el ejecutable malicioso se coloca en una ruta determinada, puede ejecutarse con el privilegio del servicio de Windows. (string)

}

]

id : CVE-2020-5569 (string)

lastModified : 2024-11-21T05:34:17.387 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 8.4 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.5 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-04-20T08:15:15.130 (string)

references : [ »

0 : { »

source : vultures@jpcert.or.jp (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://jvn.jp/en/jp/JVN13467854/index.html (string)

}

1 : { »

source : vultures@jpcert.or.jp (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.canvio.jp/news/20200420.htm (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://jvn.jp/en/jp/JVN13467854/index.html (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.canvio.jp/news/20200420.htm (string)

}

]

sourceIdentifier : vultures@jpcert.or.jp (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-428 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object