Unquoted Path Vulnerability (SMB Login) with Kiwi CatTools (CVE-2021-35230)

Summary

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.

Affected Products

  • Kiwi CatTools 3.11.8 and earlier

Fixed Software Release

Advisory Details
Severity
Medium
Advisory ID

CVE-2021-35230

First Published
10/19/2021
Fixed Version

Kiwi CatTools 3.12

CVSS Score

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/

S:U/C:H/I:H/A:H

Download PDF
Send an Email