CVE-2023-22818
HIGH
Western Digital SanDisk Security Installer - Uncontrolled Search Path
Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application, or allow the attacker to obtain a certain level of persistence on the compromised host.
Scores
CVSS v3: 7.3
EPSS: 0.0002
EPSS Percentile: 5.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Classification
CWE: CWE-427
Status: published
Affected Products (1)
westerndigital/sandisk_security_installer < 1.0.0.25
Timeline
Published: Nov 15, 2023
Tracked Since: Feb 18, 2026