CVE-2023-38351

8.1 HIGH

📋 TL;DR

MiniTool Partition Wizard 12.8 has an insecure installation mechanism: update traffic can be intercepted and modified by a man-in-the-middle attacker, which enables remote code execution on the victim's system. All users running version 12.8 are affected.

💻 Affected Systems

Products:
  • MiniTool Partition Wizard
Versions: Version 12.8
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the update mechanism, so any installation that checks for updates is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise, with the attacker gaining administrative privileges and persistent access to the victim's system.

🟠 Likely Case

Malware installation, data theft, or ransomware deployment through compromised updates.

🟢 If Mitigated

Attack prevented through network segmentation, certificate validation, or use of a patched version.

🌐 Internet-Facing: HIGH - The attack requires a network position from which update traffic can be intercepted, which is common for internet-facing systems.
🏢 Internal Only: MEDIUM - Internal network attacks are possible if the attacker already has network access, but they require specific positioning on the path between the client and the update server.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires a man-in-the-middle position but no authentication. A public proof-of-concept exists in the references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 12.9 or later

Vendor Advisory: https://www.minitool.com/partition-manager/partition-wizard-home.html

Restart Required: Yes

Instructions:

1. Download the latest version from the official MiniTool website.
2. Uninstall the current version.
3. Install the new version.
4. Restart the system.

🔧 Temporary Workarounds

Disable Auto-Updates

Platform: windows

Prevent the software from checking for updates automatically.

Check the software settings for update options and disable automatic updates.

Network Segmentation

Platform: all

Isolate systems running the vulnerable software from untrusted networks.

🧯 If You Can't Patch

  • Block outbound connections to MiniTool update servers at firewall
  • Use application control to prevent execution of downloaded update files

🔍 How to Verify

Check if Vulnerable:

Check the installed version in Help > About. If the version is 12.8, the system is vulnerable.

Check Version:

Check Help > About in MiniTool Partition Wizard interface

Verify Fix Applied:

Verify that the version is 12.9 or later in Help > About, and confirm that the update mechanism uses HTTPS with certificate validation.

📡 Detection & Monitoring

Log Indicators:

  • Failed update attempts
  • Unusual network connections to MiniTool domains
  • Execution of unexpected binaries from temp directories

Network Indicators:

  • HTTP connections to MiniTool update servers instead of HTTPS
  • Unencrypted update traffic

SIEM Query:

Network traffic to minitool.com domains using HTTP protocol
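The SIEM query above is described in prose only. The following is an added example (not code from the advisory or from MiniTool) that implements the same detection over a constructed, simplified proxy log: each line is assumed to have the form `<timestamp> <src_ip> <method> <url> <status>`, and any request to `minitool.com` or one of its subdomains over plain `http://` is raised as an alert. Host matching is done on a label boundary so that a look-alike such as `notminitool.com` does not trigger a false positive.

```python
"""Flag cleartext HTTP requests to minitool.com domains in a proxy log.

Added example for this advisory; not MiniTool's code. The log format is a
constructed, simplified one: "<ts> <src_ip> <method> <url> <status>".
Adapt parse_line() to your proxy or firewall schema in a real deployment.
"""
import re
from urllib.parse import urlsplit

# Domains whose update traffic should only ever be seen over HTTPS.
WATCHED_DOMAINS = ("minitool.com",)

# One line of the assumed (constructed) log format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def host_matches(host, domains=WATCHED_DOMAINS):
    """True if host equals a watched domain or is a subdomain of one.

    Matching on a label boundary ("." + domain) prevents look-alikes such as
    "notminitool.com" from matching.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["url"])
    rec["scheme"] = parts.scheme.lower()
    rec["host"] = parts.hostname or ""
    return rec


def find_cleartext_update_traffic(lines):
    """Return one alert dict per request that reaches a watched domain over plain HTTP."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not treated as alerts
        if rec["scheme"] == "http" and host_matches(rec["host"]):
            alerts.append(
                {"ts": rec["ts"], "src": rec["src"], "host": rec["host"], "url": rec["url"]}
            )
    return alerts


# Constructed sample log lines (not captured from a real environment).
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z 10.0.0.5 GET https://www.minitool.com/partition-manager/ 200",
    "2024-05-01T10:00:07Z 10.0.0.5 GET http://www.minitool.com/update/check.php 200",
    "2024-05-01T10:00:09Z 10.0.0.9 GET http://notminitool.com/ 200",
    "2024-05-01T10:00:12Z 10.0.0.7 GET http://download.minitool.com/pw-setup.exe 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for a in find_cleartext_update_traffic(SAMPLE_LOG):
        print(f"ALERT {a['ts']} {a['src']} -> {a['host']} ({a['url']})")
```

Run against the sample log this flags the two `http://` requests to `www.minitool.com` and `download.minitool.com` and ignores the HTTPS request and the look-alike domain. Depending on your proxy, HTTPS traffic may appear as `CONNECT host:443` rather than a full URL; the scheme check then needs to be keyed on the method and port instead.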
