{"vuid":"VU#632140","idnumber":"632140","name":"Multiple Toshiba products are vulnerable to trusted service path privilege escalation","keywords":["CWE-428","Toshiba","bluetooth"],"overview":"Bluetooth Stack for Windows by Toshiba and TOSHIBA Service Station contain a trusted service path privilege escalation vulnerability.","clean_desc":"CWE-428: Unquoted Search Path or Element Bluetooth Stack for Windows by Toshiba versions 9.10.27(T) and earlier, as well as TOSHIBA Service Station versions 2.2.13 and earlier, contain a trusted service path privilege escalation vulnerability.","impact":"A local authenticated attacker may be able to escalate privileges to SYSTEM.","resolution":"Apply an Update Toshiba recommends upgrading Bluetooth Stack for Windows by Toshiba to version 9.10.32(T) and TOSHIBA Service Station to 2.2.14","workarounds":"","sysaffected":"","thanks":"Thanks to Giovanni Delvecchio for reporting this vulnerability.","author":"This document was written by Todd Lewellen.","public":["http://www.support.toshiba.com/sscontent?contentId=4007185","http://www.support.toshiba.com/sscontent?contentId=4007187","http://jvn.jp/vu/JVNVU99205169/index.html","http://cwe.mitre.org/data/definitions/428.html"],"cveids":["CVE-2015-0884"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-09-08T11:41:20Z","publicdate":"2015-02-26T00:00:00Z","datefirstpublished":"2015-02-27T19:12:56Z","dateupdated":"2015-03-05T23:49:11Z","revision":12,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.6","cvss_basevector":"AV:L/AC:M/Au:S/C:C/I:C/A:C","cvss_temporalscore":"5.2","cvss_environmentalscore":"3.853205790336","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}