CVE-2021-28685

EPSS 0.04%
Published 08.04.2021 11:15:12
Last modified 21.11.2024 06:00:08
Source cve@mitre.org
Teams watchlist Login
Open Login

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Asus ≫ Gputweak Ii Version < 2.3.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/

Vendor Advisory

https://gist.github.com/DStraghkov/fba4994ac4bb3a6e2940b21743563df0

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-28685

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28685

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28685

EUVD