Vulnerability Description
Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Htc | Viveport | < 1.0.0.36 |
Related Weaknesses (CWE)
References
- https://community.viveport.com/Vendor Advisory
- https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8ExploitThird Party Advisory
- https://posts.specterops.io/razer-synapse-3-elevation-of-privilege-6d2802bd0585Not Applicable
- https://community.viveport.com/Vendor Advisory
- https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8ExploitThird Party Advisory
- https://posts.specterops.io/razer-synapse-3-elevation-of-privilege-6d2802bd0585Not Applicable
FAQ
What is CVE-2019-12177?
CVE-2019-12177 is a vulnerability with a CVSS score of 7.8 (HIGH). Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.
How severe is CVE-2019-12177?
CVE-2019-12177 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12177?
Check the references section above for vendor advisories and patch information. Affected products include: Htc Viveport.