7.8
CVE-2018-19322
- EPSS 2.88%
- Veröffentlicht 21.12.2018 23:29:00
- Zuletzt bearbeitet 07.11.2025 19:09:38
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gigabyte ≫ Aorus Graphics Engine Version < 1.57
Gigabyte ≫ App Center Version <= 1.05.21
Gigabyte ≫ Oc Guru Ii Version2.08
Gigabyte ≫ Xtreme Gaming Engine Version < 1.26
24.10.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
GIGABYTE Multiple Products Code Execution Vulnerability
SchwachstelleThe GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.88% | 0.859 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-749 Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.