PT-2019-13182 · Waves · Waves Maxxaudio

Published

2019-07-03

Updated

2020-08-24

CVE-2019-13208

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Waves MAXX Audio version 1.9.29.0

Description The issue allows for privilege escalation due to the General registry key having Full Control access for the Users group, which can lead to DLL side loading through WavesSysSvc64.exe.

Recommendations For version 1.9.29.0, restrict access to the General registry key to prevent Full Control access for the Users group, thereby mitigating the risk of DLL side loading through WavesSysSvc64.exe.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2019-13208

Affected Products

Waves Maxxaudio

PT-2019-13182 · Waves · Waves Maxxaudio

CVE-2019-13208

Weakness Enumeration

Related Identifiers

Affected Products

References · 3