Vulnerability Details CVE-2020-5569
An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.4%
CVSS Severity
CVSS v3 Score 8.4
CVSS v2 Score 4.6
References
Products affected by CVE-2020-5569
-
cpe:2.3:a:toshiba:password_tool_for_windows:1.20.6620
-
cpe:2.3:h:toshiba:hd-ma10ts:-
-
cpe:2.3:h:toshiba:hd-ma10ty:-
-
cpe:2.3:h:toshiba:hd-ma20ts:-
-
cpe:2.3:h:toshiba:hd-ma20ty:-
-
cpe:2.3:h:toshiba:hd-ma30ts:-
-
cpe:2.3:h:toshiba:hd-ma30ty:-
-
cpe:2.3:h:toshiba:hd-mb10ts:-
-
cpe:2.3:h:toshiba:hd-mb10ty:-
-
cpe:2.3:h:toshiba:hd-mb20ts:-
-
cpe:2.3:h:toshiba:hd-mb20ty:-
-
cpe:2.3:h:toshiba:hd-mb30ts:-
-
cpe:2.3:h:toshiba:hd-mb30ty:-
-
cpe:2.3:h:toshiba:hd-sa50gk:-
-
cpe:2.3:h:toshiba:hd-sa50gs:-
-
cpe:2.3:h:toshiba:hd-sb10tk:-
-
cpe:2.3:h:toshiba:hd-sb10ts:-
-
cpe:2.3:h:toshiba:hd-sb50gk:-
-
cpe:2.3:h:toshiba:hd-sb50gs:-