CVE-2019-12177

Опубликовано: 03 июн. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.

Ссылки

https://community.viveport.com/
Vendor Advisory
https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8
Exploit
Third Party Advisory
https://posts.specterops.io/razer-synapse-3-elevation-of-privilege-6d2802bd0585
Not Applicable
https://community.viveport.com/
Vendor Advisory
https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8
Exploit
Third Party Advisory
https://posts.specterops.io/razer-synapse-3-elevation-of-privilege-6d2802bd0585
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:htc:viveport:*:*:*:*:*:*:*:*

Версия до 1.0.0.36 (исключая)

EPSS

Процентиль: 29%

0.00106

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-w2vg-8h8q-7fcg