CVE-2022-34866

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the product is running.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
yrlpassage_drive
1.4.0 ≤
𝑥
≤ 1.5.1.0
yrlpassage_drive_for_box
1.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jvn.jp/en/jp/JVN23766146/index.html
https://www.yrl.com/fwp_support/info/a1hrbt0000002037.html
https://jvn.jp/en/jp/JVN23766146/index.html
https://www.yrl.com/fwp_support/info/a1hrbt0000002037.html