CVE-2020-15530
published 2020-07-05CVE-2020-15530: An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of…
PriorityP337high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.52%
40.4th percentile
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | steam | — | — |
| valvesoftware | steam_client | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_debian7.8LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2020-15530: steam - An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows l...
vendor_debian·2020·CVSS 7.8
CVE-2020-15530 [HIGH] CVE-2020-15530: steam - An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows l...
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.
Scope: local
bullseye: resolved
GHSA
GHSA-x228-hc8r-8rjq: An issue was discovered in Valve Steam Client 2
ghsa_unreviewed·2022-05-24
CVE-2020-15530 [HIGH] CWE-269 GHSA-x228-hc8r-8rjq: An issue was discovered in Valve Steam Client 2
An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-07-05
Published