PT-2019-17402 · Wacom · Wacom Driver

Published

2019-10-24

Updated

2022-06-07

CVE-2019-5013

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Wacom driver version 6.3.32-3

Description A privilege escalation issue exists in the update helper service, specifically in the start/stopLaunchDProcess command. This command executes launchctl under root context, using a user-supplied string argument. With local access, an attacker can exploit this to load arbitrary launchD agents.

Recommendations For Wacom driver version 6.3.32-3, as a temporary workaround, consider restricting access to the start/stopLaunchDProcess command until a patch is available. Additionally, limit the use of launchctl to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

CVE-2019-5013

Affected Products

Wacom Driver

PT-2019-17402 · Wacom · Wacom Driver

CVE-2019-5013

Weakness Enumeration

Related Identifiers

Affected Products

References · 3