Lucene search

MitreCVE-2019-19452

HistoryFeb 21, 2020 - 3:15 p.m.

CVE-2019-19452

2020-02-2115:15:11

CWE-787

mitre

web.nvd.nist.gov

cve-2019-19452

buffer overflow

patriot viper rgb

iocontrolcode

local attacker

nt authority\system privileges

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges.

Affected configurations

Nvd

Node

patriotmemoryviper_rgb_driverRange≤1.1

VendorProductVersionCPE
patriotmemoryviper_rgb_driver*cpe:2.3:a:patriotmemory:viper_rgb_driver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
patriotmemory	viper_rgb_driver	*	cpe:2.3:a:patriotmemory:viper_rgb_driver::::::::

References

www.coresecurity.com/advisories/viper-rgb-driver-multiple-vulnerabilities

www.viper.patriotmemory.com

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-19452