System Interface Manager Vulnerability Information
Release Date: Sep 30, 2019
We published security information about the Panasonic application "System Interface Manager",
and inform you following contents of countermeasure.
This information is subject to change without notice.
Vulnerability summary
■Description
System Interface Manager which is the application by Panasonic has unquoted Windows search path vulnerability that allows local users to gain privileges.
- CVSS v3.0: Base Score 8.4 HIGH (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) [Provisional]
- CVSS v2.0: Base Score 4.6 MEDIUM (AV:L/AC:L/Au:N/C:P/I:P/A:P) [Provisional]
■Impact
This vulnerability might allow local users to gain privileges through an application with a name composed of the first part of the path containing the white space.
■Vulnerable versions (System Interface Manager)
- V12.**L**〜V15.**L** (All versions)
- V16.00L10〜V16.02L16
- V17.**L**〜V20.**L** (All versions)
- V21.00L10〜V21.02L13
Content of countermeasure
We released countermeasure for following models.
System Interface Manager
Target model | OS | Countermeasure module |
---|---|---|
FZ-55[A/B/C] | Windows 10 | Released on September 30, 2019 |
CF-19[5/6/Z] CF-20 CF-31[W/X/Y/1/2/3/4/6/7/8/9] CF-33 CF-53[J/M/S/2/3/4/5/7] CF-54 CF-AX2 CF-AX3 CF-C2 CF-D1[G/K/N/Q] CF-H2[F/G/H/P/Q/S] CF-LX3 CF-LX6 CF-MX4 CF-SX4 CF-SZ6 CF-XZ6 FZ-G1 FZ-M1 FZ-Q1 FZ-Q2 FZ-Y1 UT-MA6 UT-MB5 |
Windows 10 Windows 8.1 Windows 7 |
Released on September 30, 2019 |