exploitDog

CVE-2021-27965

Опубликовано: 05 мар. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.

Ссылки

https://github.com/kronl/cve/tree/master/MSI_Dragon_Center
Broken Link
Third Party Advisory
https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab
Patch
Vendor Advisory
https://github.com/kronl/cve/tree/master/MSI_Dragon_Center
Broken Link
Third Party Advisory
https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:msi:dragon_center:*:*:*:*:*:*:*:*

Версия до 2.0.98.0 (исключая)

EPSS

Процентиль: 96%

0.22627

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-120

Связанные уязвимости

GHSA-rf7h-w3mq-vjqq

github

больше 3 лет назад

The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.

EPSS

Процентиль: 96%

0.22627

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-120