Unquoted Path Vulnerability (SMB Login) with Kiwi CatTools

(CVE-2021-35230)

Summary

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.

Affected Products

Kiwi CatTools 3.11.8 and earlier

Fixed Software Release

Kiwi CatTools 3.12

Advisory Details

Severity

6.7 Medium

Advisory ID

CVE-2021-35230

First Published

10/19/2021

Fixed Version

Kiwi CatTools 3.12

CVSS Score

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/

S:U/C:H/I:H/A:H