CVE-2020-15480

Опубликовано: 07 авг. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 7.2

EPSS Низкий

Описание

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.

Ссылки

https://github.com/eset/vulnerability-disclosures
Third Party Advisory
https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md
Exploit
Third Party Advisory
https://www.passmark.com/forum/index.php
Vendor Advisory
https://www.passmark.com/support/index.php
Vendor Advisory
https://github.com/eset/vulnerability-disclosures
Third Party Advisory
https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md
Exploit
Third Party Advisory
https://www.passmark.com/forum/index.php
Vendor Advisory
https://www.passmark.com/support/index.php
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:passmark:burnintest:*:*:*:*:*:*:*:*

Версия до 9.1 (включая)

cpe:2.3:a:passmark:osforensics:*:*:*:*:*:*:*:*

Версия до 7.1 (включая)

cpe:2.3:a:passmark:performancetest:*:*:*:*:*:*:*:*

Версия до 10.0 (включая)

EPSS

Процентиль: 22%

0.00074

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-9759-cv86-jj63