CVE-2019-14684

{"id": "CVE-2019-14684", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-08-20T14:15:11.037", "references": [{"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx", "tags": ["Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM", "tags": ["Exploit", "Third Party Advisory"], "source": "security@trendmicro.com"}, {"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687."}, {"lang": "es", "value": "Existe una vulnerabilidad de secuestro de DLL en Trend Micro Password Manager 5.0 en el que, si se explota, permitir\u00eda a un atacante cargar una DLL arbitraria sin firmar en el proceso del servicio firmado. Este proceso es muy similar, pero no id\u00e9ntico al CVE-2019-14687."}], "lastModified": "2024-11-21T04:27:08.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:password_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08C4873A-CEE3-4401-8406-B0E0E7C8A0AB"}], "operator": "OR"}]}], "sourceIdentifier": "security@trendmicro.com"}