CVE-2023-22818 HIGH

CVE-2023-22818: Multiple DLL Search Order Hijacking Vulnerabilities in SanDisk Security Installer for Windows

Vendor Sandisk
Product SanDisk Security Installer for Windows
Weakness CWE-427
Published November 15, 2023
Last update August 29, 2024

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application, or allow the attacker to obtain a certain level of persistence on the compromised host.

Key dates

02 Disclosure timeline

November 15, 2023 CVE published
August 29, 2024 Record updated