CVE-2022-34110

Vulnerability

MSI Feature Navigator version 1.0.1808.0901 contains an arbitrary file download vulnerability. The software, which is pre-installed on MSI laptops to display product specifications and media, fails to restrict the file types or sizes that can be downloaded from external hosts. This allows an attacker to download any file from a remote server without proper validation [1].

Exploitation

An attacker can exploit this vulnerability by crafting a request to the Feature Navigator application that triggers a download from an attacker-controlled external host. No authentication is required, and the attacker does not need local access; the vulnerability can be triggered remotely if the application is reachable. The attacker simply needs to provide a URL pointing to a malicious file, and the application will download it regardless of type or size [1].

Impact

Successful exploitation allows an attacker to download arbitrary files from external hosts to the victim's system. This could lead to the introduction of malicious files (e.g., malware) onto the system, or exfiltration of data if the download is used to pull sensitive information from a remote server. The impact is high as it bypasses any file type or size restrictions [1].

Mitigation

As of the publication date (2022-09-12), no official patch or fix has been released by MSI. The researcher reported the issue but received no response [1]. Users are advised to disable or remove the Feature Navigator software if not needed, or to restrict network access to the application. No workaround is provided by the vendor.