← Volver a CVEs

CVE-2019-15511

HIGH

7.8

Descripcion

An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed. All GOG Galaxy versions before 1.2.60 and all corresponding versions of GOG Galaxy 2.0 Beta are affected.

Detalles CVE

Puntuacion CVSS v3.17.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado11/21/2019

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

gog:galaxy

Debilidades (CWE)

CWE-306

Referencias

https://cqureacademy.com/cqure-labs/cqlabs-cve-2019-15511-broken-access-control-in-gog-galaxy(cve@mitre.org)

https://support.gog.com/hc/en-us/articles/360025458833-GOG-GALAXY-2-0-updates-and-known-issues(cve@mitre.org)

https://cqureacademy.com/cqure-labs/cqlabs-cve-2019-15511-broken-access-control-in-gog-galaxy(af854a3a-2127-422b-91ae-364da2661108)

https://support.gog.com/hc/en-us/articles/360025458833-GOG-GALAXY-2-0-updates-and-known-issues(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.