Vulnerability Details : CVE-2023-22818
Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for
Windows that could allow attackers with local access to execute arbitrary code by executing the installer
in the same folder as the malicious DLL. This can lead to the execution of arbitrary
code with the privileges of the vulnerable application or allow the attacker to obtain
a certain level of persistence on the compromised host.
Vulnerability category: Execute code
Products affected by CVE-2023-22818
- cpe:2.3:a:westerndigital:sandisk_security_installer:*:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-22818
- Probability of exploitation activity in the next 30 days: 0.06%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~21%
CVSS scores for CVE-2023-22818
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 | Western Digital | |
CWE ids for CVE-2023-22818
- The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
  Assigned by:
  - nvd@nist.gov (Primary)
  - psirt@wdc.com (Secondary)
References for CVE-2023-22818
- https://vuldb.com/?id.245601
  CVE-2023-22818: Western Digital SanDisk Security Installer uncontrolled search path (Third Party Advisory)
- https://www.westerndigital.com/support/product-security/wdc-23013-sandisk-security-installer-for-windows-1-0-0-25
  Page Not Found | Western Digital (Broken Link)