Vulnerability Description
In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Valvesoftware | Steam Client | <= 2019-08-07 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://amonitoring.ru/article/steamclient-0day/ExploitPatchThird Party Advisory
- https://github.com/alexanderbittner/steam-privesc/
- https://habr.com/ru/company/pm/blog/462479/ExploitPatchThird Party Advisory
- https://amonitoring.ru/article/steamclient-0day/ExploitPatchThird Party Advisory
- https://github.com/alexanderbittner/steam-privesc/
- https://habr.com/ru/company/pm/blog/462479/ExploitPatchThird Party Advisory
FAQ
What is CVE-2019-14743?
CVE-2019-14743 is a vulnerability with a CVSS score of 6.6 (MEDIUM). In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access...
How severe is CVE-2019-14743?
CVE-2019-14743 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14743?
Check the references section above for vendor advisories and patch information. Affected products include: Valvesoftware Steam Client, Microsoft Windows.