Unquoted Path Vulnerability (SMB Login) with Kiwi CatTools (CVE-2021-35230)
Summary
As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.
Affected Products
- Kiwi CatTools 3.11.8 and earlier
Fixed Software Release
Advisory Details
Severity
6.7 Medium
Advisory ID
First Published
10/19/2021
Fixed Version
Kiwi CatTools 3.12
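
The condition described in the Summary can be audited on any host by checking service and uninstall command lines for an executable path that contains spaces but is not quoted. The following is an added example, not code from the advisory or the vendor; the entry names and paths are constructed, and on a real system the input would come from each service's `ImagePath` value and each uninstall entry's `UninstallString` value.

```python
import re

# End of the executable inside a service ImagePath or an UninstallString.
_EXE_END = re.compile(r"\.(?:exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def audit_command_line(cmdline):
    """Return (flagged, quoted_form) for one command line."""
    cmd = cmdline.strip()
    if not cmd or cmd.startswith('"'):
        return False, cmd                 # already quoted, or empty
    match = _EXE_END.search(cmd)
    if match is None:
        return False, cmd                 # no executable found (e.g. driver .sys path)
    exe, args = cmd[:match.end()], cmd[match.end():]
    if " " not in exe:
        return False, cmd                 # unquoted but unambiguous
    return True, f'"{exe}"{args}'         # ambiguous: quote the executable path

def find_unquoted(entries):
    """entries: iterable of (name, command line). Returns findings with the fix."""
    findings = []
    for name, cmdline in entries:
        flagged, fixed = audit_command_line(cmdline)
        if flagged:
            findings.append((name, cmdline, fixed))
    return findings

# Constructed sample data (hypothetical names and paths, not taken from the advisory).
SAMPLE_ENTRIES = [
    ("ExampleSvc", r"C:\Program Files (x86)\Example Vendor\Example Tool\svc.exe /service"),
    ("ExampleSvc uninstall", r"C:\Program Files (x86)\Example Vendor\Example Tool\unins000.exe /U"),
    ("QuotedSvc", r'"C:\Program Files\Example Vendor\agent.exe" --run'),
    ("SystemSvc", r"C:\Windows\System32\svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for name, before, after in find_unquoted(SAMPLE_ENTRIES):
        print(f"{name}\n  found: {before}\n  fix:   {after}")
```

Entries that are flagged should be corrected by upgrading to the fixed version listed above; the quoted form shows what a corrected entry looks like.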