exploitDog

CVE-2021-42682

Опубликовано: 07 дек. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 7.2

EPSS Низкий

Описание

An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 .The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.

Ссылки

https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/
Exploit
Technical Description
Third Party Advisory
https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:accops:hyworks_dvm_tools:*:*:*:*:*:*:*:*

Версия до 3.3.1.105 (исключая)

EPSS

Процентиль: 20%

0.00064

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-190

Связанные уязвимости

GHSA-g83m-vp5r-mgmm

github

около 4 лет назад

An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 .The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.

EPSS

Процентиль: 20%

0.00064

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-190