{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T22:12:32.615","vulnerabilities":[{"cve":{"id":"CVE-2020-5569","sourceIdentifier":"vultures@jpcert.or.jp","published":"2020-04-20T08:15:15.130","lastModified":"2024-11-21T05:34:17.387","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service."},{"lang":"es","value":"Existe una vulnerabilidad de ruta de búsqueda sin comillas en la herramienta de contraseña HDD (para Windows) versión 1.20.6620 y anteriores que se almacena en CANVIO PREMIUM 3TB (HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB (HD -MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB (HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB (HD-SB10TK, HD-SB10TS), y CANVIO SLIM 500GB (HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), y que se descargó antes de 2020 el 10 de mayo. Ya que registra los servicios de Windows con rutas de archivos sin comillas, cuando una ruta registrada contiene espacios y un el ejecutable malicioso se coloca en una ruta determinada, puede ejecutarse con el privilegio del servicio de Windows."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-428"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:toshiba:password_tool_for_windows:*:*:*:*:*:*:*:*","versionEndIncluding":"1.20.6620","matchCriteriaId":"A88950F0-8BB2-405E-9DEC-717481228E09"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-ma10ts:-:*:*:*:*:*:*:*","matchCriteriaId":"38439357-BA60-4B05-9BEA-63BD574BC79B"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-ma10ty:-:*:*:*:*:*:*:*","matchCriteriaId":"EA86A6CF-64AC-4BEA-BC94-7D1E9AE13765"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-ma20ts:-:*:*:*:*:*:*:*","matchCriteriaId":"819E930D-B646-4BD6-9348-6BC436BA9DDB"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-ma20ty:-:*:*:*:*:*:*:*","matchCriteriaId":"3EECF3EF-BA4F-4CC5-8C45-3D6B977EFBA9"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-ma30ts:-:*:*:*:*:*:*:*","matchCriteriaId":"3E66B79A-A8FF-4D59-93CB-FACDD9A4EEA1"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-ma30ty:-:*:*:*:*:*:*:*","matchCriteriaId":"08C9D23F-5932-40A2-9755-0B8D3BE43BD4"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-mb10ts:-:*:*:*:*:*:*:*","matchCriteriaId":"D08DD4B1-2115-4351-99B1-715BA6FE1912"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-mb10ty:-:*:*:*:*:*:*:*","matchCriteriaId":"37A727F4-0610-4348-8DED-7E170F431BC6"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-mb20ts:-:*:*:*:*:*:*:*","matchCriteriaId":"CA3651CC-0845-4F4C-8AE7-AF7F2663025D"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-mb20ty:-:*:*:*:*:*:*:*","matchCriteriaId":"F45EF034-6B65-4C08-8965-21882627B508"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-mb30ts:-:*:*:*:*:*:*:*","matchCriteriaId":"1960457E-620E-44E9-B678-0E0283486F4A"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-mb30ty:-:*:*:*:*:*:*:*","matchCriteriaId":"ABC2FEC1-92F4-4242-BA71-BEB12D2572F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-sa50gk:-:*:*:*:*:*:*:*","matchCriteriaId":"DF1A2641-8ADA-4133-848E-469ED1B86AAA"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-sa50gs:-:*:*:*:*:*:*:*","matchCriteriaId":"8047B58B-5FFC-4CF4-A273-28139631C2E0"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-sb10tk:-:*:*:*:*:*:*:*","matchCriteriaId":"1CC78FD2-11A4-46ED-A357-5CF71A925F37"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-sb10ts:-:*:*:*:*:*:*:*","matchCriteriaId":"84030F94-92CB-4BDF-8424-0EDA4B8F01C2"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-sb50gk:-:*:*:*:*:*:*:*","matchCriteriaId":"B72AA05F-EEF1-40AF-8421-881216FA870B"},{"vulnerable":false,"criteria":"cpe:2.3:h:toshiba:hd-sb50gs:-:*:*:*:*:*:*:*","matchCriteriaId":"B0E8E5A4-3FDB-46A4-895B-8742D1526AE1"}]}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN13467854/index.html","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory"]},{"url":"https://www.canvio.jp/news/20200420.htm","source":"vultures@jpcert.or.jp","tags":["Vendor Advisory"]},{"url":"https://jvn.jp/en/jp/JVN13467854/index.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.canvio.jp/news/20200420.htm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}