cnvd - cnvd-2020-03065

CNVD-2020-03065

Vulnerability from cnvd - Published: 2020-01-21

Title

Sony Catalyst Production Suite和Catalyst Browse权限提升漏洞

Description

Sony catalyst production suite是由索尼推出的一款视频编辑处理套件，该套件其实是包含了atalyst Edit和Catalyst Prepare两个组件。Sony Catalyst Browse是一个媒体管理软件。 Sony Catalyst Production Suite 2019.1 (1.1.0.21)及之前版本和Catalyst Browse 2019.1 (1.1.0.21)及之前版本中存在安全漏洞。攻击者可利用该漏洞获取管理员权限并以该权限运行程序。

Severity

中

Formal description

目前厂商尚未提供相关漏洞补丁链接，请关注厂商主页随时更新： https://www.sony.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-19364

Impacted products

Name
['Sony Catalyst Production Suite <=2019.1 (1.1.0.21)', 'Sony Catalyst Browse <=2019.1 (1.1.0.21)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-19364"
    }
  },
  "description": "Sony catalyst production suite\u662f\u7531\u7d22\u5c3c\u63a8\u51fa\u7684\u4e00\u6b3e\u89c6\u9891\u7f16\u8f91\u5904\u7406\u5957\u4ef6\uff0c\u8be5\u5957\u4ef6\u5176\u5b9e\u662f\u5305\u542b\u4e86atalyst Edit\u548cCatalyst Prepare\u4e24\u4e2a\u7ec4\u4ef6\u3002Sony Catalyst Browse\u662f\u4e00\u4e2a\u5a92\u4f53\u7ba1\u7406\u8f6f\u4ef6\u3002\n\nSony Catalyst Production Suite 2019.1 (1.1.0.21)\u53ca\u4e4b\u524d\u7248\u672c\u548cCatalyst Browse 2019.1 (1.1.0.21)\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u5458\u6743\u9650\u5e76\u4ee5\u8be5\u6743\u9650\u8fd0\u884c\u7a0b\u5e8f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u968f\u65f6\u66f4\u65b0\uff1a\r\nhttps://www.sony.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03065",
  "openTime": "2020-01-21",
  "products": {
    "product": [
      "Sony Catalyst Production Suite \u003c=2019.1 (1.1.0.21)",
      "Sony Catalyst Browse \u003c=2019.1 (1.1.0.21)"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-19364",
  "serverity": "\u4e2d",
  "submitTime": "2019-12-23",
  "title": "Sony Catalyst Production Suite\u548cCatalyst Browse\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2019-19364 (GCVE-0-2019-19364)

Vulnerability from cvelistv5 – Published: 2019-12-04 18:42 – Updated: 2024-08-05 02:16

Summary

A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://gist.github.com/Eli-Paz/482b514320009f3e7…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:47.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don\u2019t exist from its current directory; by doing so, an attacker can quickly escalate its privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-23T21:27:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19364",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don\u2019t exist from its current directory; by doing so, an attacker can quickly escalate its privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350",
              "refsource": "MISC",
              "url": "https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19364",
    "datePublished": "2019-12-04T18:42:20",
    "dateReserved": "2019-11-27T00:00:00",
    "dateUpdated": "2024-08-05T02:16:47.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-03065

CVE-2019-19364 (GCVE-0-2019-19364)

Tags

Sightings

Nomenclature