How severe is CVE-2019-12889?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2019-12889?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2019-12889

HIGH Year: 2019

CVSS v3 Score

7.0

High

CVSS v2 Score

6.9

Medium

Weakness Type

CWE-269

View all →

Vulnerability Description

An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can escalate their privileges to NT AUTHORITY\System. An attacker would need local access to the machine for a successful exploit. The attacker must disconnect the computer from the local network / WAN and connect it to an internet facing access point / network. At that point, the attacker can execute the password-reset functionality, which will expose a web browser. Browsing to a site that calls local Windows system functions (e.g., file upload) will expose the local file system. From there an attacker can launch a privileged command shell.

CVE-2016-2059

HIGH

CVSS:7.0(High)

The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contrib...

CWE-2692016

CVE-2017-6728

HIGH

CVSS:7.0(High)

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permi...

CWE-2692017

CVE-2018-0821

HIGH

CVSS:7.0(High)

AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonation...

CWE-2692018

CVE-2019-1175

HIGH

CVSS:7.0(High)

An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permi...

CWE-2692019

CVE-2019-1177

HIGH

CVSS:7.0(High)

An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permis...

CWE-2692019

CVE-2019-3735

HIGH

CVSS:7.0(High)

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vu...

CWE-2692019

CVE-2019-12889

Vulnerability Description

Related Vulnerabilities

CVE-2016-2059

CVE-2017-6728

CVE-2018-0821

CVE-2019-1175

CVE-2019-1177

CVE-2019-3735