exploitDog

GHSA-pm9g-2hv5-xfp2

Опубликовано: 15 фев. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.

ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.

Ссылки

EPSS

Процентиль: 10%

0.00034

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-269

Связанные уязвимости

CVE-2022-42455

CVSS3: 7.8

nvd

почти 3 года назад

ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.

EPSS

Процентиль: 10%

0.00034

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-269