exploitDog

CVE-2022-34866

Опубликовано: 20 июл. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the product is running.

Ссылки

https://jvn.jp/en/jp/JVN23766146/index.html
Third Party Advisory
https://www.yrl.com/fwp_support/info/a1hrbt0000002037.html
Vendor Advisory
https://jvn.jp/en/jp/JVN23766146/index.html
Third Party Advisory
https://www.yrl.com/fwp_support/info/a1hrbt0000002037.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:yrl:passage_drive:*:*:*:*:*:*:*:*

Версия от 1.4.0 (включая) до 1.5.1.0 (включая)

cpe:2.3:a:yrl:passage_drive_for_box:1.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00057

Низкий

7.8 High

CVSS3

Дефекты

CWE-20

Связанные уязвимости

GHSA-vwqm-2h3p-mfwj

CVSS3: 7.8

github

больше 3 лет назад

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the product is running.

EPSS

Процентиль: 18%

0.00057

Низкий

7.8 High

CVSS3

Дефекты

CWE-20