CVE-2019-14432

{"id": "CVE-2019-14432", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-08-07T15:15:13.843", "references": [{"url": "https://thomask.sdf.org/blog/2019/08/07/cve-2019-14432-loom-desktop-rce-vulnerability.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.loom.com/blog/loom-desktop-application-security-fix/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://thomask.sdf.org/blog/2019/08/07/cve-2019-14432-loom-desktop-rce-vulnerability.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.loom.com/blog/loom-desktop-application-security-fix/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack vector can be used to crash the application at any time."}, {"lang": "es", "value": "Autenticaci\u00f3n incorrecta de conexiones de WebSocket de la aplicaci\u00f3n en Loom Desktop para Mac hasta versi\u00f3n 0.16.0, permite la ejecuci\u00f3n de c\u00f3digo remota desde un JavaScript malicioso en un navegador o host en la misma red, durante per\u00edodos en el que un usuario est\u00e1 grabando un v\u00eddeo con la aplicaci\u00f3n. El mismo vector de ataque puede ser usado para bloquear la aplicaci\u00f3n en cualquier momento."}], "lastModified": "2024-11-21T04:26:44.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:loom:loom:*:*:*:*:desktop:mac:*:*", "vulnerable": true, "matchCriteriaId": "D2CA876E-B70B-422D-9D73-7F4816665331", "versionEndIncluding": "0.16.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}