CVE-2020-5569
First published: Mon Apr 20 2020(Updated: )
An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Toshiba Password Tool For Windows | <=1.20.6620 | |
| Toshiba HD-MA10TS | ||
| Toshiba HD-MA10TS | ||
| Toshiba HD-MA20TY | ||
| Toshiba HD-MA20TY | ||
| Toshiba HD-MA30TS | ||
| Toshiba HD-MA30TY | ||
| Toshiba HD-MB10TS | ||
| Toshiba HD-MB10TY | ||
| Toshiba HD-MB20TS | ||
| Toshiba HD-MB20TY | ||
| Toshiba HD-MB30TS | ||
| Toshiba HD-MB30TY | ||
| Toshiba HD-SA50GK | ||
| Toshiba HD-SA50GS | ||
| Toshiba HD-SB10TK | ||
| Toshiba HD-SB10TS | ||
| Toshiba HD-SB50GK | ||
| Toshiba HD-SB50GS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-5569?
CVE-2020-5569 is classified as a medium severity vulnerability due to the risk of untrusted file execution.
How do I fix CVE-2020-5569?
To fix CVE-2020-5569, update the HDD Password tool to version 1.20.6621 or later.
Which versions of the HDD Password tool are affected by CVE-2020-5569?
CVE-2020-5569 affects HDD Password tool versions 1.20.6620 and earlier.
What are the vulnerable products related to CVE-2020-5569?
The vulnerable products include Toshiba CANVIO PREMIUM 1TB, 2TB, and 3TB hard drives with specific model numbers.
Can CVE-2020-5569 be exploited remotely?
CVE-2020-5569 requires local access to exploit, making remote exploitation unlikely.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/toshiba
- canonical/toshiba password tool for windows
- version/toshiba password tool for windows/1.20.6620
- canonical/toshiba hd-ma10ts
- canonical/toshiba hd-ma20ty
- canonical/toshiba hd-ma30ts
- canonical/toshiba hd-ma30ty
- canonical/toshiba hd-mb10ts
- canonical/toshiba hd-mb10ty
- canonical/toshiba hd-mb20ts
- canonical/toshiba hd-mb20ty
- canonical/toshiba hd-mb30ts
- canonical/toshiba hd-mb30ty
- canonical/toshiba hd-sa50gk
- canonical/toshiba hd-sa50gs
- canonical/toshiba hd-sb10tk
- canonical/toshiba hd-sb10ts
- canonical/toshiba hd-sb50gk
- canonical/toshiba hd-sb50gs