nvd-json-data-feeds/CVE-2020/CVE-2020-97xx/CVE-2020-9759.json

{
  "id": "CVE-2020-9759",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-03-23T16:15:17.860",
  "lastModified": "2024-11-21T05:41:13.870",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad del emulador de TV de LG Electronic web OS podr\u00eda permitir a un atacante escalar privilegios y sobrescribir ciertos archivos. Esta vulnerabilidad se debe a una configuraci\u00f3n incorrecta del entorno. Un atacante podr\u00eda explotar esta vulnerabilidad a trav\u00e9s de archivos de configuraci\u00f3n y archivos ejecutables manipulados"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cve@mitre.org",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 2.7
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "baseScore": 9.3,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-494"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:lg:webos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13331D79-38CF-4CC4-8F82-7591FC7C09AF"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html",
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Not Applicable",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Not Applicable",
        "Third Party Advisory"
      ]
    }
  ]
}