Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows.
Versions | Affected | Unaffected |
---|---|---|
Secdo | all versions on Windows |
CVSSv3.1 Base Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CWE-20 Improper Input Validation
This product is no longer supported and the issue will not be fixed. This issue can be easily mitigated by creating a "C:\proc" folder and not allowing unprivileged users to access to that folder, or ensuring unprivileged users do not have 'create folder' access to the root of a disk (C:\).
Exploitation of this issue can be prevented by creating a "C:\proc" folder and not allowing unprivileged users to access that folder.