CVE-2019-13382

CVSS V2 High 9.3 CVSS V3 High 7.8
Description
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. The vulnerability was introduced in SnagIT Windows 12.4.1.
Overview
  • CVE ID
  • CVE-2019-13382
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2019-07-26T13:15:12
  • Last Modified Date
  • 2020-08-24T17:37:01
Weakness Enumerations
CWE URL
CWE-59 http://cwe.mitre.org/data/definitions/59.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:techsmith:snagit:2019.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 7.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 1.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://support.techsmith.com/hc/en-us/articles/115006435067-Snagit-Windows-Version-History Vendor Advisory
https://posts.specterops.io/cve-2019-13382-local-privilege-escalation-in-snagit-abe5f31c349 Exploit Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2019-13382
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13382
History
Created Old Value New Value Data Type Notes
2022-05-10 16:34:56 Added to TrackCVE
2022-12-03 23:58:32 2019-07-26T13:15Z 2019-07-26T13:15:12 CVE Published Date updated
2022-12-03 23:58:32 2020-08-24T17:37:01 CVE Modified Date updated
2022-12-03 23:58:33 Modified Vulnerability Status updated