CVE-2019-17180

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://habr.com/ru/company/pm/blog/469507/", "name": "https://habr.com/ru/company/pm/blog/469507/", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://amonitoring.ru/article/steam_vuln_3/", "name": "https://amonitoring.ru/article/steam_vuln_3/", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://hackerone.com/reports/682774", "name": "https://hackerone.com/reports/682774", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://store.steampowered.com/news/54236/", "name": "https://store.steampowered.com/news/54236/", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://hackerone.com/reports/583184", "name": "https://hackerone.com/reports/583184", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-17180", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2019-10-04T20:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:valvesoftware:steam_client:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2019-09-12"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-01-16T13:15Z"}