exploitDog

CVE-2019-17603

Опубликовано: 02 июн. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.

Ссылки

http://packetstormsecurity.com/files/158221/ASUS-Aura-Sync-1.07.71-Privilege-Escalation.html
https://zer0-day.pw/2020-06/asus-aura-sync-stack-based-buffer-overflow/
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/158221/ASUS-Aura-Sync-1.07.71-Privilege-Escalation.html
https://zer0-day.pw/2020-06/asus-aura-sync-stack-based-buffer-overflow/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:asus:aura_sync:*:*:*:*:*:*:*:*

Версия до 1.07.71 (включая)

EPSS

Процентиль: 44%

0.0022

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-r8j8-g2w7-mrrc

github

больше 3 лет назад

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.

EPSS

Процентиль: 44%

0.0022

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787