Global Home Download Center Home > System Interface Manager Vulnerability Information

System Interface Manager Vulnerability Information

Release Date: September 30, 2019 

We published security information about the Panasonic application "System Interface Manager",

and inform you following contents of countermeasure.

This information is subject to change without notice.

■ Vulnerability summary

Description

System Interface Manager which is the application by Panasonic has unquoted Windows search path vulnerability
that allows local users to gain privileges.

CVSS v3.0: Base Score 8.4 HIGH (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) [Provisional]
CVSS v2.0: Base Score 4.6 MEDIUM (AV:L/AC:L/Au:N/C:P/I:P/A:P) [Provisional]

Impact

This vulnerability might allow local users to gain privileges through an application with a name composed of the
first part of the path containing the white space.

Vulnerable versions (System Interface Manager)

V12.**L**〜V15.**L** (All versions)

V16.00L10〜V16.02L16

V17.**L**〜V20.**L** (All versions)

V21.00L10〜V21.02L13

■ Content of countermeasure

We released countermeasure for following models.

Target model OS Countermeasure module
FZ-55[A/B/C] Windows 10

Download ▶

Released on September 30, 2019

CF-19[5/6/Z]
CF-20
CF-31[W/X/Y/1/2/3/4/6/7/8/9]
CF-33
CF-53[J/M/S/2/3/4/5/7]
CF-54
CF-AX2
CF-AX3
CF-C2
CF-D1[G/K/N/Q]
CF-H2[F/G/H/P/Q/S]
CF-LX3
CF-LX6
CF-MX4
CF-SX4
CF-SZ6
CF-XZ6
FZ-G1
FZ-M1
FZ-Q1
FZ-Q2
FZ-Y1
UT-MA6
UT-MB5
Windows 10
Windows 8.1
Windows 7

Download ▶

Released on September 30, 2019

Return to Top