PT-2019-2538 · Synaptics · Synaptics Sound Device Drivers

Publicado

2019-04-12

Atualizado

2020-08-24

CVE-2019-9730

CVSS v3.1

8.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Synaptics Sound Device drivers versions prior to 2.29

Description The issue is related to insufficient access control in the CxUtilSvc component of the Synaptics Sound Device drivers. This can be exploited by a local attacker to elevate privileges in the Windows Registry using an unpublished API.

Recommendations For versions prior to 2.29, update to version 2.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the CxUtilSvc component until a patch is applied.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2019-02383

CVE-2019-9730

Produtos afetados

Synaptics Sound Device Drivers

PT-2019-2538 · Synaptics · Synaptics Sound Device Drivers

CVE-2019-9730

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10