Search criteria
2 vulnerabilities found for PrivateAccess Windows App by SanDisk
CVE-2024-22167 (GCVE-0-2024-22167)
Vulnerability from cvelistv5 – Published: 2024-03-13 20:43 – Updated: 2024-08-28 19:11
VLAI?
Summary
A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained access into a user's system. This attack is limited to the system in context and cannot be propagated.
Severity ?
7.9 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SanDisk | PrivateAccess Windows App |
Affected:
0 , < 6.4.10
(custom)
|
Credits
Western Digital would like to thank Alexander Huaman Jaimes for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-24002-sandisk-privateaccess-desktop-app-v-6-4-11"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:westerndigital:sandisk_privateaccess:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sandisk_privateaccess",
"vendor": "westerndigital",
"versions": [
{
"lessThan": "6.4.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T19:57:33.746235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T19:11:57.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "PrivateAccess Windows App",
"vendor": "SanDisk",
"versions": [
{
"lessThan": "6.4.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Western Digital would like to thank Alexander Huaman Jaimes for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user\u0027s vault or has already gained access into a user\u0027s system. This attack is limited to the system in context and cannot be propagated.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user\u0027s vault or has already gained access into a user\u0027s system. This attack is limited to the system in context and cannot be propagated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T23:05:34.318Z",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-24002-sandisk-privateaccess-desktop-app-v-6-4-11"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Windows users should upgrade to PrivateAccess version 6.4.10 using this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloads.sandisk.com/downloads/privateaccess-win.exe\"\u003ePrivateAccess for Windows\u003c/a\u003e.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTo take advantage of the latest security fixes, Western Digital recommends that Windows users promptly update their devices to the latest software. As with any upgrade, it is best to back up your data before installing the upgrade.\u0026nbsp;\u003cp\u003eFor support and download information, please refer to our Support Knowledge Base \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support-en.wd.com/app/answers/detailweb/a_id/49556\"\u003earticle\u003c/a\u003e.\u003c/p\u003e\u003c/span\u003e"
}
],
"value": "Windows users should upgrade to PrivateAccess version 6.4.10 using this link: PrivateAccess for Windows https://downloads.sandisk.com/downloads/privateaccess-win.exe .\u00a0To take advantage of the latest security fixes, Western Digital recommends that Windows users promptly update their devices to the latest software. As with any upgrade, it is best to back up your data before installing the upgrade.\u00a0For support and download information, please refer to our Support Knowledge Base article https://support-en.wd.com/app/answers/detailweb/a_id/49556 ."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SanDisk PrivateAccess DLL Hijacking Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2024-22167",
"datePublished": "2024-03-13T20:43:06.776Z",
"dateReserved": "2024-01-05T18:43:18.487Z",
"dateUpdated": "2024-08-28T19:11:57.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22167 (GCVE-0-2024-22167)
Vulnerability from nvd – Published: 2024-03-13 20:43 – Updated: 2024-08-28 19:11
VLAI?
Summary
A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained access into a user's system. This attack is limited to the system in context and cannot be propagated.
Severity ?
7.9 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SanDisk | PrivateAccess Windows App |
Affected:
0 , < 6.4.10
(custom)
|
Credits
Western Digital would like to thank Alexander Huaman Jaimes for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-24002-sandisk-privateaccess-desktop-app-v-6-4-11"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:westerndigital:sandisk_privateaccess:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sandisk_privateaccess",
"vendor": "westerndigital",
"versions": [
{
"lessThan": "6.4.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T19:57:33.746235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T19:11:57.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "PrivateAccess Windows App",
"vendor": "SanDisk",
"versions": [
{
"lessThan": "6.4.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Western Digital would like to thank Alexander Huaman Jaimes for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user\u0027s vault or has already gained access into a user\u0027s system. This attack is limited to the system in context and cannot be propagated.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user\u0027s vault or has already gained access into a user\u0027s system. This attack is limited to the system in context and cannot be propagated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T23:05:34.318Z",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-24002-sandisk-privateaccess-desktop-app-v-6-4-11"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Windows users should upgrade to PrivateAccess version 6.4.10 using this link: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://downloads.sandisk.com/downloads/privateaccess-win.exe\"\u003ePrivateAccess for Windows\u003c/a\u003e.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTo take advantage of the latest security fixes, Western Digital recommends that Windows users promptly update their devices to the latest software. As with any upgrade, it is best to back up your data before installing the upgrade.\u0026nbsp;\u003cp\u003eFor support and download information, please refer to our Support Knowledge Base \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support-en.wd.com/app/answers/detailweb/a_id/49556\"\u003earticle\u003c/a\u003e.\u003c/p\u003e\u003c/span\u003e"
}
],
"value": "Windows users should upgrade to PrivateAccess version 6.4.10 using this link: PrivateAccess for Windows https://downloads.sandisk.com/downloads/privateaccess-win.exe .\u00a0To take advantage of the latest security fixes, Western Digital recommends that Windows users promptly update their devices to the latest software. As with any upgrade, it is best to back up your data before installing the upgrade.\u00a0For support and download information, please refer to our Support Knowledge Base article https://support-en.wd.com/app/answers/detailweb/a_id/49556 ."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SanDisk PrivateAccess DLL Hijacking Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2024-22167",
"datePublished": "2024-03-13T20:43:06.776Z",
"dateReserved": "2024-01-05T18:43:18.487Z",
"dateUpdated": "2024-08-28T19:11:57.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}