Lucene search

[email protected]CVE-2017-6005

HistoryJul 26, 2017 - 8:29 a.m.

CVE-2017-6005

2017-07-2608:29:00

[email protected]

web.nvd.nist.gov

cve-2017-6005

waves maxxaudio

dell laptops

vulnerability

arbitrary code execution

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Waves MaxxAudio, as installed on Dell laptops, adds a “WavesSysSvc” Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

Affected configurations

NVD

Node

wavesmaxxaudioMatch1.1.6.0

CPENameOperatorVersion
waves:maxxaudiowaves maxxaudioeq1.1.6.0

CPE	Name	Operator	Version
waves:maxxaudio	waves maxxaudio	eq	1.1.6.0

References

justpentest.blogspot.in/2017/07/dell-unquoted-service-path-local.html

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2017-6005

cvelist1 prion1 nvd1 openvas1