CVE-2017-2149 : Untrusted search path vulnerability in installers of the software for SDHC/SDXC

Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Published 2017-04-28 16:59:02

Updated 2019-10-03 00:03:26

Source JPCERT/CC

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2017-2149

Toshiba » Flashair
Versions up to, including, (<=) 3.00.01
cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*
Matching versions
Toshiba » Flashair
Versions up to, including, (<=) 1.00.06
cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*
Matching versions
Toshiba » Flashair
Versions up to, including, (<=) 1.00.04
cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*
Matching versions
Toshiba » Flashair
Versions up to, including, (<=) 1.02
cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*
Matching versions
Toshiba » Flashair
Versions up to, including, (<=) 3.0.2
cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*
Matching versions
Toshiba » Flashair
Versions up to, including, (<=) 1.00.03
cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*
Matching versions
Toshiba » Flashair
Versions up to, including, (<=) 2.00.03
cpe:2.3:a:toshiba:flashair:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-2149

EPSS FAQ

7.54%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-2149

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-2149

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-2149

http://www.toshiba-personalstorage.net/news/20170414.htm

（続報）NFC搭載SDメモリカード、FlashAir™、TransferJet™搭載SDメモリカードのWindows 用ソフトウェアのインストーラにおけるDLL 読み込みに関する脆弱性について｜東芝：メモリ
Vendor Advisory
http://www.securityfocus.com/bid/97697

Multiple Toshiba memory card installers DLL Loading Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry
http://jvn.jp/en/jp/JVN05340816/index.html

JVN#05340816: Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-2149

Products affected by CVE-2017-2149

Exploit prediction scoring system (EPSS) score for CVE-2017-2149

CVSS scores for CVE-2017-2149

CWE ids for CVE-2017-2149

References for CVE-2017-2149