CVE-2024-1201

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 2, 2024

Updated: Feb 9, 2024

CWE ID 428

Summary

CVE-2024-1201 is a newly disclosed vulnerability affecting HDD Health software versions 4.2.0.112 and older. This issue involves a search path or unquoted item vulnerability, which enables a local attacker to plant a malicious executable file in an unquoted search path. By doing so, the attacker can potentially escalate their privileges, gaining unauthorized access to sensitive system data or functionality. This vulnerability underscores the importance of properly handling user input and ensuring that search paths are properly quoted to prevent attackers from exploiting such weaknesses.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uX6g4b
https://www.cve.org/CVERecord?id=CVE-2024-1201
https://nvd.nist.gov/vuln/detail/CVE-2024-1201

Back to Vulnerability Database

CVE-2024-1201

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations