Insecure Installation Process in MiniTool Power Data Recovery by MiniTool
CVE-2023-38356

8.1HIGH

Key Information:

Vendor

Minitool

Vendor
CVE Published:
19 September 2023

What is CVE-2023-38356?

MiniTool Power Data Recovery 11.6 is affected by a vulnerability that stems from an insecure installation process. This flaw opens the door for attackers to conduct man-in-the-middle attacks, enabling them to execute arbitrary code remotely. Users of this version should be aware of the potential risks and take appropriate security measures to safeguard their systems.

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.