CVE-2024-22167 HIGH

CVE-2024-22167: SanDisk PrivateAccess DLL Hijacking Vulnerability

Vendor Sandisk
Product PrivateAccess Windows App
Weakness CWE-427
Published March 13, 2024
Last update August 28, 2024

CVSS base score

7.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows that could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained access into a user's system. This attack is limited to the system in context and cannot be propagated.

Key dates

02Disclosure timeline

March 13, 2024 CVE published
August 28, 2024 Record updated