exploitDog

CVE-2020-11520

Опубликовано: 22 июн. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution.

Ссылки

https://www.winmagic.com/support/release-notes/securedoc-v8-5-sr2-hf1
Release Notes
Vendor Advisory
https://www.winmagic.com/support/release-notes/securedoc-v8-5-sr2/
Release Notes
Vendor Advisory
https://www.winmagic.com/support/release-notes/securedoc-v8-5-sr2-hf1
Release Notes
Vendor Advisory
https://www.winmagic.com/support/release-notes/securedoc-v8-5-sr2/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:winmagic:securedoc:*:*:*:*:*:*:*:*

Версия до 8.5 (включая)

EPSS

Процентиль: 31%

0.00115

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-3q48-7vgf-gh5j

CVSS3: 7.8

github

больше 3 лет назад

The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution.

EPSS

Процентиль: 31%

0.00115

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-119