CVE-2019-19364

{"id": "CVE-2019-19364", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-12-04T19:15:11.940", "references": [{"url": "https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don\u2019t exist from its current directory; by doing so, an attacker can quickly escalate its privileges."}, {"lang": "es", "value": "Un usuario malintencionado d\u00e9bil puede escalar sus privilegios siempre que se ejecuten los instaladores CatalystProductionSuite.2019.1.exe (versi\u00f3n 1.1.0.21) y CatalystBrowseSuite.2019.1.exe (versi\u00f3n 1.1.0.21). La vulnerabilidad est\u00e1 en forma de secuestro de DLL. Los instaladores intentan cargar archivos DLL que no existen desde su directorio actual; Al hacerlo, un atacante puede escalar r\u00e1pidamente sus privilegios."}], "lastModified": "2024-11-21T04:34:38.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sony:catalyst_browse:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FA55594-B20D-4976-9071-B2633FA58C86", "versionEndIncluding": "2019.1"}, {"criteria": "cpe:2.3:a:sony:catalyst_production_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B5FFAF7-45F2-4199-94EE-AEF9F40BB4C7", "versionEndIncluding": "2019.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}