CVE-2023-22818

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 15, 2023

Updated: Nov 22, 2023

CWE ID 427

Summary

CVE-2023-22818 refers to multiple DLL search order hijack vulnerabilities identified in the SanDisk Security Installer for Windows. An attacker with local access can exploit these vulnerabilities by placing a malicious DLL in the same folder as the installer. By doing so, the attacker could execute arbitrary code with the privileges of the vulnerable application or gain a level of persistence on the compromised host. This could result in significant security risks to affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Western Digital

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/taskvZ
https://www.cve.org/CVERecord?id=CVE-2023-22818
https://nvd.nist.gov/vuln/detail/CVE-2023-22818

Back to Vulnerability Database

CVE-2023-22818

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations