CVE-2023-22818

HIGH

SanDisk Security Installer < 1.0.0.25 - DLL Search Order Hijack via Local Malicious DLL

Title source: llm

Description

Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or obtain a certain level of persistence on the compromised host.

References (2)

Core 2

Core References

Broken Link

https://www.westerndigital.com/support/product-security/wdc-23013-sandisk-security-installer-for-windows-1-0-0-25

Third Party Advisory

https://vuldb.com/?id.245601

Scores

CVSS v3 7.3

EPSS 0.0025

EPSS Percentile 15.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Products (1)

westerndigital/sandisk_security_installer < 1.0.0.25

Published Nov 15, 2023

Tracked Since Feb 18, 2026