CVE-2024-22167 Vulnerability Details

  /     /     /  

CVE-2024-22167 Metadata Quick Info

CVE Published: 13/03/2024 | CVE Updated: 28/08/2024 | CVE Year: 2024
Source: WDC PSIRT | Vendor: SanDisk | Product: PrivateAccess Windows App
Status : PUBLISHED

---

CVE-2024-22167 Description

A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user\'s vault or has already gained access into a user\'s system. This attack is limited to the system in context and cannot be propagated.

Metrics

CVSS Version: 3.1 | Base Score: 7.9 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-427
CWE Name: CWE-427 Uncontrolled Search Path Element
Source: SanDisk

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).