CVE-2019-12177

Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
htcviveport
𝑥
< 1.0.0.36
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.viveport.com/
https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8
https://posts.specterops.io/razer-synapse-3-elevation-of-privilege-6d2802bd0585
https://community.viveport.com/
https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8
https://posts.specterops.io/razer-synapse-3-elevation-of-privilege-6d2802bd0585