Lucene search

JpcertCVE-2022-34866

HistoryJul 20, 2022 - 7:15 a.m.

CVE-2022-34866

2022-07-2007:15:09

CWE-20

jpcert

web.nvd.nist.gov

cve-2022-34866

passage drive

data verification

vulnerability

arbitrary command execution

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the product is running.

Affected configurations

Nvd

Vulners

Node

yrlpassage_driveRange1.4.0–1.5.1.0

yrlpassage_drive_for_boxMatch1.0.0

VendorProductVersionCPE
yrlpassage_drive*cpe:2.3:a:yrl:passage_drive:*:*:*:*:*:*:*:*
yrlpassage_drive_for_box1.0.0cpe:2.3:a:yrl:passage_drive_for_box:1.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yrl	passage_drive	*	cpe:2.3:a:yrl:passage_drive::::::::
yrl	passage_drive_for_box	1.0.0	cpe:2.3:a:yrl:passage_drive_for_box:1.0.0:::::::*

CNA Affected

[
  {
    "product": "Passage Drive",
    "vendor": "Yokogawa Rental & Lease Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN23766146/index.html

www.yrl.com/fwp_support/info/a1hrbt0000002037.html

Social References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for CVE-2022-34866