CVE-2019-15295

{"id": "CVE-2019-15295", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-08-21T18:15:13.713", "references": [{"url": "https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-serviceinstance-dll-bitdefender-antivirus-free-2020/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path."}, {"lang": "es", "value": "Una vulnerabilidad en An Untrusted Search Path en las versiones de la biblioteca ServiceInstance.dll 1.0.15.119 y anteriores, como se usa en las versiones de Bitdefender Antivirus Free 2020 anteriores a la versi\u00f3n1.0.15.138, permite a un atacante cargar un archivo DLL arbitrario desde la ruta de b\u00fasqueda."}], "lastModified": "2019-08-28T15:54:15.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bitdefender:antivirus_2020:*:*:*:*:free:*:*:*", "vulnerable": true, "matchCriteriaId": "2C26EEE4-E777-467A-8072-61A3743CD3CD", "versionEndExcluding": "1.0.15.138"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}