CVE-2019-14743
MEDIUMValvesoftware Steam Client - Incorrect Permission Assignment
Title source: ruleDescription
In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access.
References (3)
Core 3
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://amonitoring.ru/article/steamclient-0day/
Exploit, Patch, Third Party Advisory x_refsource_misc
https://habr.com/ru/company/pm/blog/462479/
Various Sources x_refsource_misc
https://github.com/alexanderbittner/steam-privesc/
Scores
CVSS v3
6.6
EPSS
0.0002
EPSS Percentile
5.6%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
valvesoftware/steam_client
< 2019-08-07
Published
Aug 07, 2019
Tracked Since
Feb 18, 2026