CVE-2018-10711

Exploit

EPSS 0.39%
Veröffentlicht 30.10.2018 18:29:00
Zuletzt bearbeitet 21.11.2024 03:41:54
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Asrock ≫ A-tuning Version < 3.0.210

Asrock ≫ F-stream Version < 3.0.210

Asrock ≫ Restart To Uefi Version < 1.0.6.2

Asrock ≫ Rgbled Version < 1.0.35.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.596

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.exploit-db.com/exploits/45716/

Third Party Advisory

Exploit

VDB Entry

https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-10711

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-10711

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-10711

EUVD