Improper Privilege Management
CVE-2020-13517
Summary
An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-269 - Improper Privilege Management
An effective privilege management infrastructure provides valid users with required access and privileges across heterogeneous technology environments. An application with a faulty privilege management infrastructure allows higher than authorized privileges or enables privilege escalation. This can lead to security incidents such as system infiltration, data breach, and complete system takeover.
References
Advisory Timeline
- Published