CVE-2019-5012 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wacom	Driver	6.3.32-3
Apple	Macos	-

Related Weaknesses (CWE)

CWE-88

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0760Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0760Third Party Advisory

FAQ

What is CVE-2019-5012?

CVE-2019-5012 is a vulnerability with a CVSS score of 7.8 (HIGH). An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and...

How severe is CVE-2019-5012?

CVE-2019-5012 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5012?

Check the references section above for vendor advisories and patch information. Affected products include: Wacom Driver, Apple Macos.