System Interface Manager Vulnerability Information

Release Date: Sep 30, 2019

We published security information about the Panasonic application "System Interface Manager",
and inform you following contents of countermeasure.
This information is subject to change without notice.

Vulnerability summary

Description

System Interface Manager which is the application by Panasonic has unquoted Windows search path vulnerability that allows local users to gain privileges.

- CVSS v3.0: Base Score 8.4 HIGH (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) [Provisional]
- CVSS v2.0: Base Score 4.6 MEDIUM (AV:L/AC:L/Au:N/C:P/I:P/A:P) [Provisional]

Impact

This vulnerability might allow local users to gain privileges through an application with a name composed of the first part of the path containing the white space.

Vulnerable versions (System Interface Manager)

  • V12.**L**〜V15.**L** (All versions)
  • V16.00L10〜V16.02L16
  • V17.**L**〜V20.**L** (All versions)
  • V21.00L10〜V21.02L13

Content of countermeasure

We released countermeasure for following models.

Target model OS Countermeasure module
FZ-55[A/B/C] Windows 10
Download
Released on September 30, 2019
CF-19[5/6/Z]
CF-20
CF-31[W/X/Y/1/2/3/4/6/7/8/9]
CF-33
CF-53[J/M/S/2/3/4/5/7]
CF-54
CF-AX2
CF-AX3
CF-C2
CF-D1[G/K/N/Q]
CF-H2[F/G/H/P/Q/S]
CF-LX3
CF-LX6
CF-MX4
CF-SX4
CF-SZ6
CF-XZ6
FZ-G1
FZ-M1
FZ-Q1
FZ-Q2
FZ-Y1
UT-MA6
UT-MB5
Windows 10
Windows 8.1
Windows 7
Download
Released on September 30, 2019