CVE-2024-33219

Exploit

EPSS 0.12%
Published 22.05.2024 15:15:28
Last modified 18.04.2025 16:05:10
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Asus ≫ Sabertooth X99 Firmware Version1.0.1.0

Asus ≫ Sabertooth X99 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.314

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-782 Exposed IOCTL with Insufficient Access Control

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33219

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-33219

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-33219

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-33219

EUVD