← Retour aux CVEs

CVE-2019-15511

HIGH

7.8

Description

An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is installed. All GOG Galaxy versions before 1.2.60 and all corresponding versions of GOG Galaxy 2.0 Beta are affected.

Details CVE

Score CVSS v3.17.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie11/21/2019

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

gog:galaxy

Faiblesses (CWE)

CWE-306

References

https://cqureacademy.com/cqure-labs/cqlabs-cve-2019-15511-broken-access-control-in-gog-galaxy(cve@mitre.org)

https://support.gog.com/hc/en-us/articles/360025458833-GOG-GALAXY-2-0-updates-and-known-issues(cve@mitre.org)

https://cqureacademy.com/cqure-labs/cqlabs-cve-2019-15511-broken-access-control-in-gog-galaxy(af854a3a-2127-422b-91ae-364da2661108)

https://support.gog.com/hc/en-us/articles/360025458833-GOG-GALAXY-2-0-updates-and-known-issues(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.