CVE-2024-1201

7.8 HIGH

📋 TL;DR

This unquoted search path vulnerability in HDD Health allows local attackers to escalate privileges by placing malicious executables in directories along the search path. It affects users running HDD Health version 4.2.0.112 or earlier on Windows systems. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • HDD Health by PanteraSoft
Versions: 4.2.0.112 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. The vulnerability exists in how the application handles search paths for executables.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges, allowing complete control over the affected system.

🟠 Likely Case

Local privilege escalation enabling attackers to execute code with higher privileges than their current account.

🟢 If Mitigated

Limited impact if proper access controls prevent local users from writing to vulnerable directories.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to exploit.
🏢 Internal Only: HIGH - Internal users with local access can exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and ability to write to directories in the search path. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.2.0.113 or later

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/panterasoft-hdd-health-search-path-or-unquoted-item-vulnerability

Restart Required: Yes

Instructions:

1. Download latest version from official PanteraSoft website.
2. Uninstall current version.
3. Install updated version.
4. Restart system.

🔧 Temporary Workarounds

Remove vulnerable version (Windows)

Uninstall HDD Health until the patched version can be installed:

Control Panel > Programs > Uninstall a program > Select HDD Health > Uninstall

Restrict directory permissions (Windows)

Set strict permissions on directories in the application's search path:

icacls "C:\Program Files\HDD Health" /deny Users:(OI)(CI)W

🧯 If You Can't Patch

  • Restrict local user access to systems running HDD Health
  • Implement application whitelisting to prevent execution of unauthorized binaries

🔍 How to Verify

Check if Vulnerable:

Check the HDD Health version in the About dialog or the Programs list. If the version is 4.2.0.112 or earlier, the system is vulnerable.

Check Version:

wmic product where name="HDD Health" get version

Verify Fix Applied:

Verify that the installed version is 4.2.0.113 or later in the About dialog or the Programs list.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process execution from unusual directories
  • Failed attempts to write to protected directories

Network Indicators:

  • No network indicators - this is a local privilege escalation

SIEM Query:

Process creation events where parent process is HDD Health and executable path contains spaces without quotes
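
The SIEM query described above, written out as an added Python example (not code from the vendor, the advisory or this page). It assumes Sysmon Event ID 1 field names and the install directory from the icacls workaround; the executable names are placeholders and the sample events are constructed.

```python
import ntpath

# Install directory as written in this page's icacls workaround.
INSTALL_DIR = r"C:\Program Files\HDD Health"

def classify(event, install_dir=INSTALL_DIR):
    """Return None, "unquoted" or "truncated" for one process-creation event."""
    if ntpath.dirname(event["ParentImage"]).lower() != install_dir.lower():
        return None  # parent is not the monitored application
    cmd = event["CommandLine"].lstrip().lower()
    if cmd.startswith('"'):
        return None  # executable path is quoted, nothing ambiguous
    image = event["Image"].lower()
    if cmd == image or cmd.startswith(image + " "):
        # The binary named in full is what ran; only a path with spaces is ambiguous.
        return "unquoted" if " " in image else None
    stem = image[:-4] if image.endswith(".exe") else image
    tail = cmd[len(stem):].split()
    # Heuristic: the image matches the command line only up to a space and the
    # next token still looks like part of a path, so a shorter path resolved.
    if cmd.startswith(stem + " ") and tail and "\\" in tail[0]:
        return "truncated"
    return None

def scan(events):
    """Return (Image, verdict) for every event that classify() flags."""
    return [(e["Image"], v) for e in events if (v := classify(e))]

# Constructed sample events; the .exe names are placeholders, not real file names.
PARENT = INSTALL_DIR + r"\PARENT_PLACEHOLDER.exe"
CHILD = INSTALL_DIR + r"\CHILD_PLACEHOLDER.exe"
EVENTS = [
    {"ParentImage": PARENT, "Image": CHILD, "CommandLine": f'"{CHILD}" /scan'},
    {"ParentImage": PARENT, "Image": CHILD, "CommandLine": f"{CHILD} /scan"},
    {"ParentImage": PARENT, "Image": r"C:\Program.exe", "CommandLine": f"{CHILD} /scan"},
    {"ParentImage": PARENT, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"C:\Windows\System32\cmd.exe /c ver"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": CHILD,
     "CommandLine": f"{CHILD} /scan"},
]

if __name__ == "__main__":
    for image, verdict in scan(EVENTS):
        print(f"{verdict:9} {image}")
```

An "unquoted" verdict marks an ambiguous invocation that still ran the intended binary; "truncated" marks an event where a different, shorter path ran and should be investigated.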
