CVE-2019-12177 Information

Description

Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://community.viveport.com/ https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8 https://posts.specterops.io/razer-synapse-3-elevation-of-privilege-6d2802bd0585

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8