Details of VAR-202002-0477

ID

VAR-202002-0477

CVE

CVE-2019-19452

TITLE

Patriot Viper RGB Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014628

DESCRIPTION

A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges. Patriot Viper RGB Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Trust: 2.7

sources: NVD: CVE-2019-19452 // JVNDB: JVNDB-2019-014628 // CNVD: CNVD-2020-13040 // CNNVD: CNNVD-202002-1060

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-13040

AFFECTED PRODUCTS

vendor:	patriotmemory	model:	viper rgb driver	scope:	lte	version:	1.1	Trust: 1.0
vendor:	patriot memory	model:	viper rgb	scope:	eq	version:	1.1	Trust: 0.8
vendor:	patriot	model:	viper rgb	scope:	lte	version:	<=1.1	Trust: 0.6
vendor:	patriotmemory	model:	viper rgb driver	scope:	eq	version:	1.1	Trust: 0.6

sources: CNVD: CNVD-2020-13040 // JVNDB: JVNDB-2019-014628 // CNNVD: CNNVD-202002-1060 // NVD: CVE-2019-19452

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19452
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-014628
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-13040
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202002-1060
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-19452
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014628
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-13040
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-19452
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014628
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-13040 // JVNDB: JVNDB-2019-014628 // CNNVD: CNNVD-202002-1060 // NVD: CVE-2019-19452

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2019-014628 // NVD: CVE-2019-19452

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-1060

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202002-1060

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014628

PATCH

title:	Top Page	url:	https://viper.patriotmemory.com/	Trust: 0.8
title:	Patch for Patriot Viper RGB Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/204005	Trust: 0.6
title:	Patriot Viper RGB Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110251	Trust: 0.6

sources: CNVD: CNVD-2020-13040 // JVNDB: JVNDB-2019-014628 // CNNVD: CNNVD-202002-1060

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19452	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-014628	Trust: 0.8
db:	CNVD	id:	CNVD-2020-13040	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-1060	Trust: 0.6

sources: CNVD: CNVD-2020-13040 // JVNDB: JVNDB-2019-014628 // CNNVD: CNNVD-202002-1060 // NVD: CVE-2019-19452

REFERENCES

url:	https://www.coresecurity.com/advisories/viper-rgb-driver-multiple-vulnerabilities	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19452	Trust: 2.0
url:	https://www.viper.patriotmemory.com	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19452	Trust: 0.8

sources: CNVD: CNVD-2020-13040 // JVNDB: JVNDB-2019-014628 // CNNVD: CNNVD-202002-1060 // NVD: CVE-2019-19452

SOURCES

db:	CNVD	id:	CNVD-2020-13040
db:	JVNDB	id:	JVNDB-2019-014628
db:	CNNVD	id:	CNNVD-202002-1060
db:	NVD	id:	CVE-2019-19452

LAST UPDATE DATE

2024-11-23T23:11:34.362000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-13040	date:	2020-02-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-014628	date:	2020-03-05T00:00:00
db:	CNNVD	id:	CNNVD-202002-1060	date:	2020-03-02T00:00:00
db:	NVD	id:	CVE-2019-19452	date:	2024-11-21T04:34:45.783

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-13040	date:	2020-02-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-014628	date:	2020-03-05T00:00:00
db:	CNNVD	id:	CNNVD-202002-1060	date:	2020-02-21T00:00:00
db:	NVD	id:	CVE-2019-19452	date:	2020-02-21T15:15:11.953