{"api_version":"1","generated_at":"2026-04-11T05:53:06+00:00","cve":"CVE-2019-17180","urls":{"html":"https://cve.report/CVE-2019-17180","api":"https://cve.report/api/cve/CVE-2019-17180.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-17180","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-17180"},"summary":{"title":"CVE-2019-17180","description":"Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-10-04 20:15:00","updated_at":"2020-01-16 13:15:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://store.steampowered.com/news/54236/","name":"https://store.steampowered.com/news/54236/","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"News - Steam Client Update Released","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://amonitoring.ru/article/steam_vuln_3/","name":"https://amonitoring.ru/article/steam_vuln_3/","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Third Steam Windows Client vulnerability, but not 0day","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://hackerone.com/reports/682774","name":"https://hackerone.com/reports/682774","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://hackerone.com/reports/583184","name":"https://hackerone.com/reports/583184","refsource":"MISC","tags":[],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://habr.com/ru/company/pm/blog/469507/","name":"https://habr.com/ru/company/pm/blog/469507/","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Третья уязвимость Steam Windows Client, но не 0day / Блог компании Перспективный мониторинг / Хабр","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-17180","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17180","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"17180","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"17180","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"17180","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"valvesoftware","cpe5":"steam_client","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"17180","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"valvesoftware","cpe5":"steam_client","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-17180","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://amonitoring.ru/article/steam_vuln_3/","refsource":"MISC","name":"https://amonitoring.ru/article/steam_vuln_3/"},{"url":"https://habr.com/ru/company/pm/blog/469507/","refsource":"MISC","name":"https://habr.com/ru/company/pm/blog/469507/"},{"url":"https://hackerone.com/reports/682774","refsource":"MISC","name":"https://hackerone.com/reports/682774"},{"url":"https://store.steampowered.com/news/54236/","refsource":"MISC","name":"https://store.steampowered.com/news/54236/"},{"refsource":"MISC","name":"https://hackerone.com/reports/583184","url":"https://hackerone.com/reports/583184"}]}},"nvd":{"publishedDate":"2019-10-04 20:15:00","lastModifiedDate":"2020-01-16 13:15:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:valvesoftware:steam_client:*:*:*:*:*:*:*:*","versionEndExcluding":"2019-09-12","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"17180","Ordinal":"156958","Title":"CVE-2019-17180","CVE":"CVE-2019-17180","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"17180","Ordinal":"1","NoteData":"Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"17180","Ordinal":"2","NoteData":"2019-10-04","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"17180","Ordinal":"3","NoteData":"2020-01-16","Type":"Other","Title":"Modified"}]}}}