CVE-2020-5569 — HIGH (8.4) — White Hats Nepal

Q: How severe is CVE-2020-5569?

CVE-2020-5569 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-5569?

Check the references section above for vendor advisories and patch information. Affected products include: Toshiba Password Tool For Windows, Toshiba Hd-Ma10Ts, Toshiba Hd-Ma10Ty, Toshiba Hd-Ma20Ts, Toshiba Hd-Ma20Ty.

Vulnerability Description

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Toshiba	Password Tool For Windows	<= 1.20.6620
Toshiba	Hd-Ma10Ts	-
Toshiba	Hd-Ma10Ty	-
Toshiba	Hd-Ma20Ts	-
Toshiba	Hd-Ma20Ty	-
Toshiba	Hd-Ma30Ts	-
Toshiba	Hd-Ma30Ty	-
Toshiba	Hd-Mb10Ts	-
Toshiba	Hd-Mb10Ty	-
Toshiba	Hd-Mb20Ts	-
Toshiba	Hd-Mb20Ty	-
Toshiba	Hd-Mb30Ts	-
Toshiba	Hd-Mb30Ty	-
Toshiba	Hd-Sa50Gk	-
Toshiba	Hd-Sa50Gs	-
Toshiba	Hd-Sb10Tk	-
Toshiba	Hd-Sb10Ts	-
Toshiba	Hd-Sb50Gk	-
Toshiba	Hd-Sb50Gs	-

Related Weaknesses (CWE)

CWE-428

References

https://jvn.jp/en/jp/JVN13467854/index.htmlThird Party Advisory
https://www.canvio.jp/news/20200420.htmVendor Advisory
https://jvn.jp/en/jp/JVN13467854/index.htmlThird Party Advisory
https://www.canvio.jp/news/20200420.htmVendor Advisory

FAQ

What is CVE-2020-5569?

CVE-2020-5569 is a vulnerability with a CVSS score of 8.4 (HIGH). An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO ...

How severe is CVE-2020-5569?

CVE-2020-5569 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5569?

Check the references section above for vendor advisories and patch information. Affected products include: Toshiba Password Tool For Windows, Toshiba Hd-Ma10Ts, Toshiba Hd-Ma10Ty, Toshiba Hd-Ma20Ts, Toshiba Hd-Ma20Ty.