CVE-2020-15530
CVE-2020-15530 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. EPSS estimates a 0.49% chance of exploitation in the next 30 days.
Description
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Valvesoftware | Steam Client | 2.10.91.91 |
References
- http://daniels-it-blog.blogspot.com/2020/07/steam-arbitrary-code-execution-part-2.html (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
