CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 33.3%
Some software from Toshiba Electronic Devices & Storage registers Windows services with unquoted file paths (CWE-428).
When a registered path contains spaces and a malicious executable is placed on a certain path, that executable may be run with the privileges of the Windows service.
The developer released an update that contains a fix for this vulnerability on 2020 April 28.
Uninstall and/or update HDD Password tool (for Windows) version 1.20.6620
Uninstall HDD Password tool (for Windows) version 1.20.6620 and/or, if you continue using it, update it to the latest version according to the information provided by the developer.
Uninstalling or applying the update will delete/fix the registration of improper Windows services.
How to uninstall:
Delete the password if it is set before uninstalling HDD Password tool (for Windows) version 1.20.6620 and earlier
Uninstall the affected software from the PC if installed
Delete the installer of the affected software
How to update:
Update the software to the latest version
For more information, refer to the information provided by the developer.
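To confirm that no service registration of the kind described above remains after uninstalling or updating, the check below flags service command lines whose executable path contains spaces and is not quoted. It is an added example, not code from the developer or the advisory; it assumes the command lines have been exported from each service's ImagePath value, and the service names and paths in it are constructed.

```python
import re

# Executable part of an unquoted command line: everything up to and including
# the first ".exe" that is followed by whitespace or the end of the string.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)

def _exe_part(cmd: str) -> str:
    m = _EXE.match(cmd)
    # No ".exe" found: judge the whole value (may over-report, never under-report).
    return m.group(1) if m else cmd

def is_unquoted_with_spaces(image_path: str) -> bool:
    """True for a CWE-428 style registration: the path to the executable
    contains a space and is not wrapped in double quotes."""
    cmd = image_path.strip()
    if not cmd or cmd.startswith('"'):
        return False                      # empty or already quoted
    return " " in _exe_part(cmd)

def quoted_form(image_path: str) -> str:
    """Corrected value: quote the executable, keep any arguments as they are."""
    cmd = image_path.strip()
    exe = _exe_part(cmd)
    return f'"{exe}"{cmd[len(exe):]}'

def audit(services: dict) -> dict:
    """Map service name -> corrected command line for each flagged service."""
    return {name: quoted_form(path) for name, path in services.items()
            if is_unquoted_with_spaces(path)}

# Constructed sample data (hypothetical service names and paths).
SAMPLE = {
    "ExampleVendorSvc": r"C:\Program Files\Example Vendor\Tool\svc.exe",
    "ExampleWithArgs":  r"C:\Program Files\Example Vendor\agent.exe -run svc",
    "AlreadyQuoted":    r'"C:\Program Files\Example Vendor\ok.exe" -k',
    "NoSpaceInPath":    r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, fixed in audit(SAMPLE).items():
        print(f"{name}: unquoted path with spaces; suggested value: {fixed}")
```

An empty result from `audit` over the exported values means no unquoted service path with spaces is left registered.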
HDD Password tool (for Windows) version 1.20.6620 and earlier which are stored in the devices listed below and were downloaded before 2020 May 10 are affected:
CANVIO PREMIUM 3TB
CANVIO PREMIUM 2TB
CANVIO PREMIUM 1TB
CANVIO SLIM 1TB
CANVIO SLIM 500GB