CVE-2019-12176

Published: Jun 3, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Privilege escalation in the "HTC Account Service" and "ViveportDesktopService" in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either service.

Affected (1)

Products: Htc: Viveport

Htc

1 product

Viveport

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Htc Viveport	Before 1.0.0.36

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://community.viveport.com/

Source: cve@mitre.org

Vendor Advisory

https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8

Source: cve@mitre.org

Third Party Advisory

https://community.viveport.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.