- Description: A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resultant DLL hijacking. This product is bundled with Splashtop Streamer (before 3.3.8.0) and Splashtop Business (before 3.3.8.0).
- Source: cve@mitre.org
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 6.6
- Impact score: 5.2
- Exploitability score: 1.3
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
- Severity: MEDIUM
CVSS 2.0
- Type: Primary
- Base score: 6.3
- Impact score: 9.2
- Exploitability score: 3.4
- Vector string: AV:L/AC:M/Au:N/C:N/I:C/A:C
- nvd@nist.gov
- CWE-732
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splashtop:software_updater:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9088238B-7498-43DB-AE60-558514DADC49",
            "versionEndExcluding": "1.5.6.16"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splashtop:streamer:*:*:*:*:-:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00ECE2CA-D678-4299-9E39-F13DA5FD4685",
            "versionEndExcluding": "3.3.8.0"
          },
          {
            "criteria": "cpe:2.3:a:splashtop:streamer:*:*:*:*:business:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E21F57C8-6562-4CEA-A5E5-7C653CDDB5FF",
            "versionEndExcluding": "3.3.8.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]