CVE-2019-14743

low-risk

Published 2019-08-07

In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.6/10 Medium

PHYSICAL / LOW complexity

Affected Products (1)

Steam Client

Affected Vendors

Valvesoftware

References (6)

Exploit https://amonitoring.ru/article/steamclient-0day/

https://github.com/alexanderbittner/steam-privesc/

Exploit https://habr.com/ru/company/pm/blog/462479/

Exploit https://amonitoring.ru/article/steamclient-0day/

https://github.com/alexanderbittner/steam-privesc/

Exploit https://habr.com/ru/company/pm/blog/462479/

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal