Vulnerability CVE-2019-14743


Published: 2019-08-07

Description:
In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Valvesoftware -> Steam client 

 References:
https://amonitoring.ru/article/steamclient-0day/
https://habr.com/ru/company/pm/blog/462479/

Copyright 2024, cxsecurity.com

 

Back to Top