What is CVE-2022-22996?

CVE-2022-22996 is a DLL hijacking vulnerability in the G-RAID 4/8 Software Utility setups for Windows.

What is the severity of CVE-2022-22996?

CVE-2022-22996 has a severity score of 7.8, which is considered high.

How does CVE-2022-22996 affect the G-RAID 4/8 Software Utility setups for Windows?

CVE-2022-22996 allows for arbitrary code execution in the context of the system user.

Is there a fix available for CVE-2022-22996?

Yes, Western Digital has provided a fix for the affected software utility setups for Windows. Please refer to the vendor's website for more information.

Where can I find more information about CVE-2022-22996?

You can find more information about CVE-2022-22996 on the Western Digital support website.

Vulnerability/
CVE-2022-22996

high

7.8

CWE

427

30/3/2022

3/8/2024

CVE-2022-22996: SanDisk Professional G-RAID 4/8 Software Utility, Privilege Escalation

First published: Wed Mar 30 2022(Updated: )

The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.

Credit: psirt@wdc.com

Affected Software	Affected Version	How to fix
Westerndigital Sandisk Professional G-raid 4\/8 Software Utility	<300520006-2
Westerndigital Sandisk Professional G-raid 4\/8 Software Utility Driver	<6.2.0.16-2

Remedy

Western Digital recommends all users install the latest updates for the Windows app and driver from the links below. G-RAID Software Utility: https://download.g-technology.com/software/G-RAID_Software_Utility_300520006-2.zip Windows Driver: https://download.g-technology.com/software/SanDisk_WinDrv_Installer_V6.2.0.16-2_WHQL.zip

Never miss a vulnerability like this again

Reference Links

https://www.westerndigital.com/support/product-security/wdc-22007-sandisk-professional-g-raid-4-8-software-utility-setup-for-windows-privilege-escalation

Frequently Asked Questions

What is CVE-2022-22996?
CVE-2022-22996 is a DLL hijacking vulnerability in the G-RAID 4/8 Software Utility setups for Windows.
What is the severity of CVE-2022-22996?
CVE-2022-22996 has a severity score of 7.8, which is considered high.
How does CVE-2022-22996 affect the G-RAID 4/8 Software Utility setups for Windows?
CVE-2022-22996 allows for arbitrary code execution in the context of the system user.
Is there a fix available for CVE-2022-22996?
Yes, Western Digital has provided a fix for the affected software utility setups for Windows. Please refer to the vendor's website for more information.
Where can I find more information about CVE-2022-22996?
You can find more information about CVE-2022-22996 on the Western Digital support website.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/remedy
agent/title
agent/last-modified-date
agent/references
agent/author
agent/first-publish-date
agent/tags
agent/event
agent/description
vendor/westerndigital
canonical/westerndigital sandisk professional g-raid 4\/8 software utility
canonical/westerndigital sandisk professional g-raid 4\/8 software utility driver

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.