CVE-2019-14602

Name of the Vulnerable Software and Affected Versions Nuvoton CIR Driver versions 1.02.1002 and before

Description The issue is related to improper permissions in the installer for the Nuvoton CIR Driver, which may allow an authenticated user to potentially enable escalation of privilege via local access. This is due to errors in using standard permissions. Exploitation of the issue may allow an attacker to elevate their privileges.

Recommendations For versions 1.02.1002 and before, consider restricting access to the installer until a patch is available. As a temporary workaround, review and adjust the permissions settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.