Executive Summary

Informations
NameCVE-2019-8372First vendor Publication2019-02-18
VendorCveLast vendor Modification2019-02-26

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score6.9Attack RangeLocal
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score3.4AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8372

CWE : Common Weakness Enumeration

%idName
100 %CWE-59Improper Link Resolution Before File Access ('Link Following')

Sources (Detail)

SourceUrl
MISC http://www.jackson-t.ca/lg-driver-lpe.html
https://lgsecurity.lge.com/security_updates.html
https://twitter.com/Jackson_T/status/1097353402034475009

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2019-02-26 17:19:49
  • Multiple Updates
2019-02-19 12:01:12
  • First insertion