Lucene search

MitreCVE-2019-13142

HistoryJul 09, 2019 - 6:15 p.m.

CVE-2019-13142

2019-07-0918:15:11

CWE-732

mitre

web.nvd.nist.gov

cve-2019-13142

rzsurroundvadstreamingservice

razer surround

elevation of privilege

information security

vulnerability

nvd

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

12.6%

JSON

The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver. The DACL on this folder allows any user to overwrite contents of files in this folder, resulting in Elevation of Privilege.

Affected configurations

Nvd

Node

razersurroundMatch1.1.63.0

VendorProductVersionCPE
razersurround1.1.63.0cpe:2.3:a:razer:surround:1.1.63.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
razer	surround	1.1.63.0	cpe:2.3:a:razer:surround:1.1.63.0:::::::*

References

posts.specterops.io/cve-2019-13142-razer-surround-1-1-63-0-eop-f18c52b8be0c

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2019-13142