CVE-2019-19820

Опубликовано: 10 янв. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive.

Ссылки

https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-04-kyrol-internet-security-invalid-pointer-vulnerability.md
Exploit
Third Party Advisory
https://nafiez.github.io/security/vulnerability/2019/12/04/kyrol-internet-security-invalid-pointer-vulnerability.html
Exploit
Third Party Advisory
https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-04-kyrol-internet-security-invalid-pointer-vulnerability.md
Exploit
Third Party Advisory
https://nafiez.github.io/security/vulnerability/2019/12/04/kyrol-internet-security-invalid-pointer-vulnerability.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kyrol:internet_security:9.0.6.9:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00186

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-763

Связанные уязвимости

GHSA-4q44-xggm-4fc7

github

больше 3 лет назад