CVE-2019-6517

{"id": "CVE-2019-6517", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2019-02-06T21:29:00.813", "references": [{"url": "http://www.securityfocus.com/bid/106766", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions."}, {"lang": "es", "value": "BD FACSLyric Research Use Only, para el sistema operativo Windows 10 Professional Operating System, en las distribuciones de EEUU y Malasia entre noviembre de 2017 y noviembre de 2018; y BD FACSLyric IVD, para el sistema operativo Windows 10 Professional Operating System, en las distribuciones de EEUU, no aplican correctamente el control de acceso de usuarios a las cuentas privilegiadas, lo que podr\u00eda permitir el acceso no autorizado a las funciones de nivel administrativo."}], "lastModified": "2020-10-19T17:48:39.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bd:facslyric:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "850536B6-A7B2-4AAD-B4C1-1CBAC80B2E97"}, {"criteria": "cpe:2.3:o:bd:facslyric_ivd:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AC873A3-9B20-4AEB-B264-6D4CCAA959E2"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}