CVE-2023-38356

8.1 HIGH

📋 TL;DR

MiniTool Power Data Recovery 11.6 has an insecure installation process vulnerable to man-in-the-middle attacks, allowing attackers to intercept and replace installation files with malicious ones. This enables remote code execution when users install or update the software. All users of version 11.6 are affected.

💻 Affected Systems

Products:
  • MiniTool Power Data Recovery
Versions: Version 11.6
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists during installation/update process when downloading files over insecure connections.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with the attacker gaining full control of the victim's computer, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malware installation leading to data exfiltration, credential theft, or system disruption.

🟢 If Mitigated

Attack fails due to network segmentation, certificate validation, or patched software.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires man-in-the-middle position on network during installation/update.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 11.7 or later

Vendor Advisory: https://www.minitool.com/data-recovery-software/

Restart Required: Yes

Instructions:

1. Download the latest version from the official MiniTool website.
2. Uninstall the current version.
3. Install the new version.
4. Restart the system.

🔧 Temporary Workarounds

Use secure network for installation (platform: all)

Install software only on trusted, secure networks to prevent MITM attacks.

Verify installation file integrity (platform: windows)

Check digital signatures and hashes of installation files before running them, and compare the hash against a value obtained from the vendor over a trusted channel.

Get-FileHash -Algorithm SHA256 'installation_file.exe'
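The following script is an added example, not part of the original advisory or MiniTool's own tooling: it combines the Authenticode check and the hash comparison into one pre-install gate. The installer path, the expected SHA-256 and the signer name pattern are placeholders you must supply from a trusted source.

```powershell
# Added example: verify a downloaded installer before running it.
# All three values below are placeholders, not values from the advisory.
param(
    [string]$InstallerPath     = 'C:\Downloads\pdr-setup.exe',       # placeholder path
    [string]$ExpectedSha256    = '<SHA256 published by the vendor>',  # placeholder hash
    [string]$ExpectedSignerPat = 'MiniTool'                           # assumed signer name fragment
)

function Test-InstallerIntegrity {
    param([string]$Path, [string]$ExpectedHash, [string]$SignerPattern)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Installer not found: $Path"
        return $false
    }

    # 1. Authenticode: signature must be present, intact and chain to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)', expected 'Valid'"
        return $false
    }

    # 2. A valid signature from the wrong publisher is still a red flag:
    #    the subject must match the expected vendor.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch $SignerPattern) {
        Write-Warning "Unexpected signer: $subject"
        return $false
    }

    # 3. Hash: compare to the vendor-published value (-ne is case-insensitive here).
    $actual = (Get-FileHash -Algorithm SHA256 -LiteralPath $Path).Hash
    if ($actual -ne $ExpectedHash) {
        Write-Warning "SHA256 mismatch: file has $actual"
        return $false
    }

    Write-Host "Installer verified: signed by '$subject', SHA256 $actual"
    return $true
}

if (-not (Test-InstallerIntegrity -Path $InstallerPath -ExpectedHash $ExpectedSha256 -SignerPattern $ExpectedSignerPat)) {
    Write-Host 'Verification failed; do not run this installer.'
    exit 1
}
```

Run it from an elevated PowerShell session after downloading; a non-zero exit code means the file should be discarded and re-downloaded over a trusted connection.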

🧯 If You Can't Patch

  • Discontinue use of vulnerable version and switch to alternative data recovery software
  • Isolate affected systems from untrusted networks and implement strict network segmentation

🔍 How to Verify

Check if Vulnerable:

Check software version in About dialog or Program Files\MiniTool Power Data Recovery folder properties.

Check Version:

wmic product where name='MiniTool Power Data Recovery' get version

Verify Fix Applied:

Confirm version is 11.7 or later in About dialog.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected network connections during software installation
  • Process creation from unusual installation paths

Network Indicators:

  • Unencrypted HTTP traffic to software update servers
  • Suspicious DNS requests for update domains

SIEM Query (pseudo-syntax; adapt field names and the trusted-server list to your platform):

source='*' AND (process_name='PowerDataRecovery.exe' AND network_destination NOT IN ('trusted_update_servers'))
