Vulnerability Note VU#632140
Multiple Toshiba products are vulnerable to trusted service path privilege escalation
Overview
Bluetooth Stack for Windows by Toshiba and TOSHIBA Service Station contain a trusted service path privilege escalation vulnerability.
Description
CWE-428: Unquoted Search Path or Element Bluetooth Stack for Windows by Toshiba versions 9.10.27(T) and earlier, as well as TOSHIBA Service Station versions 2.2.13 and earlier, contain a trusted service path privilege escalation vulnerability. |
Impact
A local authenticated attacker may be able to escalate privileges to SYSTEM. |
Solution
Apply an Update |
Vendor Information (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Toshiba Corporation | Affected | - | 26 Feb 2015 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 6.6 | AV:L/AC:M/Au:S/C:C/I:C/A:C |
| Temporal | 5.2 | E:POC/RL:OF/RC:C |
| Environmental | 3.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- http://www.support.toshiba.com/sscontent?contentId=4007185
- http://www.support.toshiba.com/sscontent?contentId=4007187
- http://jvn.jp/vu/JVNVU99205169/index.html
- http://cwe.mitre.org/data/definitions/428.html
Credit
Thanks to Giovanni Delvecchio for reporting this vulnerability.
This document was written by Todd Lewellen.
Other Information
- CVE IDs: CVE-2015-0884
- Date Public: 26 Feb 2015
- Date First Published: 27 Feb 2015
- Date Last Updated: 05 Mar 2015
- Document Revision: 11
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.