CVE-2024-33219

Published: May 22, 2024Modified: Apr 18, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

Affected (1)

Products: Asus: Sabertooth X99 Firmware

Asus

1 product

Sabertooth X99 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Sabertooth X99 Firmware	Version 1.0.1.0

Running on/with	Platform Versions
Asus Sabertooth X99	All versions

Related CWEs

CWE-782

Exposed IOCTL with Insufficient Access Control

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

References (2)

https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33219

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33219

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.