Western Digital Dashboard, Privilege Escalation
WDC Tracking Number: WDC-20011
Product Line: Western Digital Dashboard
Published: December 11, 2020
Last Updated: December 11, 2020
Description
Western Digital Dashboard version 3.1.2.5 was affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. An update that addresses the vulnerability is available.
Update Availability/Remediation
To install or uninstall Western Digital Dashboard, please download and run the latest version of the installer.
Advisory Summary
Resolved a DLL hijacking vulnerability in the Western Digital Dashboard which could allow malicious users to carry out an escalation of privileges. Using the latest installer to install or uninstall the application will mitigate this potential vulnerability.
CVE Number: CVE-2020-29654
Reported by: Tuan Vu Pham aka LangTuBongDem (Member of STeam)