Описание
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.210 (исключая)Версия до 3.0.210 (исключая)Версия до 1.0.6.2 (исключая)Версия до 1.0.35.1 (исключая)
Одно из
cpe:2.3:a:asrock:a-tuning:*:*:*:*:*:*:*:*
cpe:2.3:a:asrock:f-stream:*:*:*:*:*:*:*:*
cpe:2.3:a:asrock:restart_to_uefi:*:*:*:*:*:*:*:*
cpe:2.3:a:asrock:rgbled:*:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00535
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
EPSS
Процентиль: 67%
0.00535
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-732