CVE-2024-1201
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-1201 is a newly disclosed vulnerability affecting HDD Health software versions 4.2.0.112 and older. This issue involves a search path or unquoted item vulnerability, which enables a local attacker to plant a malicious executable file in an unquoted search path. By doing so, the attacker can potentially escalate their privileges, gaining unauthorized access to sensitive system data or functionality. This vulnerability underscores the importance of properly handling user input and ensuring that search paths are properly quoted to prevent attackers from exploiting such weaknesses.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.