Western Digital Dashboard, Privilege Escalation


WDC Tracking Number: WDC-20011
Product Line: Western Digital Dashboard
Published: December 11, 2020

Last Updated:  December 11, 2020

Description

Western Digital Dashboard version 3.1.2.5 was affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user. An update that addresses the vulnerability is available.

Product Impact
Last Updated
Western Digital Dashboard

Update Availability/Remediation

To install or uninstall Western Digital Dashboard, please download and run the latest version of the installer.

Advisory Summary

Resolved a DLL hijacking vulnerability in the Western Digital Dashboard which could allow malicious users to carry out an escalation of privileges. Using the latest installer to install or uninstall the application will mitigate this potential vulnerability.

CVE Number: CVE-2020-29654
Reported by: Tuan Vu Pham aka LangTuBongDem (Member of STeam)