CVE-2019-16896

{"id": "CVE-2019-16896", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-12-27T16:15:11.320", "references": [{"url": "https://github.com/NtRaiseHardError/Antimalware-Research/blob/master/K7%20Security/Local%20Privilege%20Escalation/v16.0.0117/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.k7computing.com/index.php?/selfhelp/categories/Vulnerability%20Report%20and%20Advisory/29", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality."}, {"lang": "es", "value": "En K7 Ultimate Security versi\u00f3n 16.0.0117, el m\u00f3dulo K7BKCExt.dll (tambi\u00e9n se conoce como el m\u00f3dulo de copia de seguridad) valida inapropiadamente los privilegios administrativos del usuario, permitiendo una escritura de un archivo arbitrario por medio de un ataque de enlace simb\u00f3lico con la funcionalidad de restauraci\u00f3n de archivos."}], "lastModified": "2020-01-09T17:46:16.813", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:k7computing:k7_ultimate_security:16.0.0117:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "727C02CD-B22B-4CBD-BCB4-56909D462C97"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}