CVE-2019-8372

{"id": "CVE-2019-8372", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2019-02-18T15:29:00.387", "references": [{"url": "http://www.jackson-t.ca/lg-driver-lpe.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lgsecurity.lge.com/security_updates.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://twitter.com/Jackson_T/status/1097353402034475009", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.jackson-t.ca/lg-driver-lpe.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lgsecurity.lge.com/security_updates.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://twitter.com/Jackson_T/status/1097353402034475009", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL."}, {"lang": "es", "value": "El controlador \"LHA.sys\", en versiones anteriores a la 1.1.1811.2101 en LG Device Manager, expone una funcionalidad que permite a usuarios con privilegios bajos leer y escribir memoria f\u00edsica arbitraria mediante peticiones IOCTL especialmente manipuladas y elevar los privilegios del sistema. Esto ocurre debido a que el objeto \"device\" tiene asociado un enlace simb\u00f3lico y un DACL abierto."}], "lastModified": "2024-11-21T04:49:46.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lg:lha.sys:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5FD6206-A734-4DCE-9A93-3D6F28BA6223", "versionEndExcluding": "1.1.1811.2101"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}