Details of VAR-201707-0235

ID

VAR-201707-0235

CVE

CVE-2017-6005

TITLE

Waves MaxxAudio Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-006827

DESCRIPTION

Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. Waves MaxxAudio Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Delllaptop is a portable computer from Dell Corporation of the United States. WavesAudioWavesMaxxAudio is one of the audio enhancements developed by Israel's WavesAudio. There is a security hole in WavesMaxxAudio in Delllaptop

Trust: 2.16

sources: NVD: CVE-2017-6005 // JVNDB: JVNDB-2017-006827 // CNVD: CNVD-2017-25428

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-25428

AFFECTED PRODUCTS

vendor:	waves	model:	maxxaudio	scope:	eq	version:	1.1.6.0	Trust: 1.6
vendor:	waves audio	model:	maxx audio	scope:	eq	version:	1.1.6.0	Trust: 0.8
vendor:	dell	model:	laptop waves maxxaudio	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-25428 // JVNDB: JVNDB-2017-006827 // NVD: CVE-2017-6005 // CNNVD: CNNVD-201702-508

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2017-6005
value:	HIGH
Trust: 1.8
CNVD:	CNVD-2017-25428
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201702-508
value:	HIGH
Trust: 0.6

NVD:
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2017-6005
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2017-25428
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

NVD:
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2017-6005
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-25428 // JVNDB: JVNDB-2017-006827 // NVD: CVE-2017-6005 // CNNVD: CNNVD-201702-508

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2017-006827 // NVD: CVE-2017-6005

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201702-508

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201702-508

CONFIGURATIONS

sources: NVD: CVE-2017-6005

PATCH

title:

Top Page

url:

http://www.maxx.com/technologies/maxxaudio/

Trust: 0.8

sources: JVNDB: JVNDB-2017-006827

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6005	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-006827	Trust: 0.8
db:	CNVD	id:	CNVD-2017-25428	Trust: 0.6
db:	CNNVD	id:	CNNVD-201702-508	Trust: 0.6

sources: CNVD: CNVD-2017-25428 // JVNDB: JVNDB-2017-006827 // NVD: CVE-2017-6005 // CNNVD: CNNVD-201702-508

REFERENCES

url:	http://justpentest.blogspot.in/2017/07/dell-unquoted-service-path-local.html	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6005	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6005	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7057	Trust: 0.6

sources: CNVD: CNVD-2017-25428 // JVNDB: JVNDB-2017-006827 // NVD: CVE-2017-6005 // CNNVD: CNNVD-201702-508

SOURCES

db:	CNVD	id:	CNVD-2017-25428
db:	JVNDB	id:	JVNDB-2017-006827
db:	NVD	id:	CVE-2017-6005
db:	CNNVD	id:	CNNVD-201702-508

LAST UPDATE DATE

2023-12-18T12:44:22.736000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-25428	date:	2017-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-006827	date:	2017-09-05T00:00:00
db:	NVD	id:	CVE-2017-6005	date:	2019-10-03T00:03:26.223
db:	CNNVD	id:	CNNVD-201702-508	date:	2019-10-23T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-25428	date:	2017-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-006827	date:	2017-09-05T00:00:00
db:	NVD	id:	CVE-2017-6005	date:	2017-07-26T08:29:00.663
db:	CNNVD	id:	CNNVD-201702-508	date:	2017-02-16T00:00:00