CVE-2019-18845

Published: Nov 9, 2019Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.

Affected (1)

Products: Patriotmemory: Viper Rgb Firmware

1 product

Viper Rgb Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Patriotmemory Viper Rgb Firmware	Version 1.0

Running on/with	Platform Versions
Patriotmemory Viper Rgb	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-012.md

Source: cve@mitre.org

https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-012.md

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.