nvd-json-data-feeds/CVE-2017/CVE-2017-60xx/CVE-2017-6005.json

{
  "id": "CVE-2017-6005",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2017-07-26T08:29:00.663",
  "lastModified": "2019-10-03T00:03:26.223",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Waves MaxxAudio, as installed on Dell laptops, adds a \"WavesSysSvc\" Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system."
    },
    {
      "lang": "es",
      "value": "Waves MaxxAudio, tal como es instalado en laptops Dell, agrega un servicio de Windows \"WavesSysSvc\" con la versi\u00f3n de archivo 1.1.6.0. Este servicio tiene una vulnerabilidad conocida como ruta de servicio sin entrecomillar. Esto podr\u00eda potencialmente permitir a un usuario local autorizado pero no privilegiado ejecutar c\u00f3digo arbitrario con privilegios elevados en el sistema."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:waves:maxxaudio:1.1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A825008D-B9FB-439D-92A7-A63A5779C9C6"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://justpentest.blogspot.in/2017/07/dell-unquoted-service-path-local.html",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}