ID

VAR-201912-1384


CVE

CVE-2019-19620


TITLE

SecureWorks Red Cloak Windows Agent vulnerable to improper retention of permissions

Trust: 0.8

sources: JVNDB: JVNDB-2019-013144

DESCRIPTION

In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file. SecureWorks Red Cloak Windows Agent contains an improper retention of permissions vulnerability. Information may be tampered with. A local attacker could exploit this vulnerability to bypass security protections.

Trust: 1.71

sources: NVD: CVE-2019-19620 // JVNDB: JVNDB-2019-013144 // VULHUB: VHN-152085

AFFECTED PRODUCTS

vendor: dell
model: red cloak windows agent
scope: lt
version: 2.0.7.9

Trust: 1.0

vendor: dell
model: secureworks red cloak windows agent
scope: lt
version: 2.0.7.9

Trust: 0.8

sources: JVNDB: JVNDB-2019-013144 // NVD: CVE-2019-19620

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-19620
value: LOW

Trust: 1.0

NVD: CVE-2019-19620
value: LOW

Trust: 0.8

CNNVD: CNNVD-201912-279
value: LOW

Trust: 0.6

VULHUB: VHN-152085
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-19620
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-152085
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-19620
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-19620
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-152085 // JVNDB: JVNDB-2019-013144 // CNNVD: CNNVD-201912-279 // NVD: CVE-2019-19620

PROBLEMTYPE DATA

problemtype: CWE-281

Trust: 1.9

sources: VULHUB: VHN-152085 // JVNDB: JVNDB-2019-013144 // NVD: CVE-2019-19620

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-279

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-279

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013144

PATCH

title: Advanced Endpoint Threat Detection with Red Cloak
url: https://www.secureworks.com/resources/ds-aetd-red-cloak-data-sheet

Trust: 0.8

title: SecureWorks Red Cloak Windows Agent Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105269

Trust: 0.6

sources: JVNDB: JVNDB-2019-013144 // CNNVD: CNNVD-201912-279

EXTERNAL IDS

db: NVD, id: CVE-2019-19620

Trust: 2.5

db: JVNDB, id: JVNDB-2019-013144

Trust: 0.8

db: CNNVD, id: CNNVD-201912-279

Trust: 0.7

db: VULHUB, id: VHN-152085

Trust: 0.1

sources: VULHUB: VHN-152085 // JVNDB: JVNDB-2019-013144 // CNNVD: CNNVD-201912-279 // NVD: CVE-2019-19620

REFERENCES

url: https://www.secureworks.com/resources/ds-aetd-red-cloak-data-sheet

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-19620

Trust: 1.4

url: https://medium.com/%40cowbellsteve/secureworks-red-cloak-local-bypass-bfaed2be407e

Trust: 1.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19620

Trust: 0.8

url: https://medium.com/cowbellsteve/secureworks-red-cloak-local-bypass-bfaed2be407e

Trust: 0.8

url: https://medium.com/@cowbellsteve/secureworks-red-cloak-local-bypass-bfaed2be407e

Trust: 0.7

sources: VULHUB: VHN-152085 // JVNDB: JVNDB-2019-013144 // CNNVD: CNNVD-201912-279 // NVD: CVE-2019-19620

SOURCES

db: VULHUB, id: VHN-152085
db: JVNDB, id: JVNDB-2019-013144
db: CNNVD, id: CNNVD-201912-279
db: NVD, id: CVE-2019-19620

LAST UPDATE DATE

2024-11-23T22:33:38.159000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-152085, date: 2019-12-17T00:00:00
db: JVNDB, id: JVNDB-2019-013144, date: 2019-12-20T00:00:00
db: CNNVD, id: CNNVD-201912-279, date: 2019-12-18T00:00:00
db: NVD, id: CVE-2019-19620, date: 2024-11-21T04:35:04.697

SOURCES RELEASE DATE

db: VULHUB, id: VHN-152085, date: 2019-12-06T00:00:00
db: JVNDB, id: JVNDB-2019-013144, date: 2019-12-20T00:00:00
db: CNNVD, id: CNNVD-201912-279, date: 2019-12-06T00:00:00
db: NVD, id: CVE-2019-19620, date: 2019-12-06T16:15:11.187