CVE-2019-12162

{"id": "CVE-2019-12162", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-07-23T15:15:11.040", "references": [{"url": "https://support.upwork.com/hc/en-us/categories/360001180954", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://vuldb.com/?id.138406", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.upwork.com/hc/en-us/categories/360001180954", "tags": ["Product", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?id.138406", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-494"}]}], "descriptions": [{"lang": "en", "value": "Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe."}, {"lang": "es", "value": "Upwork Time Tracker versi\u00f3n 5.2.2.716, no comprueba el hash SHA256 de la actualizaci\u00f3n del programa descargado antes de ejecutarlo, lo que podr\u00eda conllevar a la ejecuci\u00f3n de c\u00f3digo o la escalada de privilegios locales mediante el reemplazo del archivo update.exe original."}], "lastModified": "2024-11-21T04:22:20.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:upwork:time_tracker:5.2.2.716:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EF5420E-524F-4A82-9E87-248DD78072E0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}