PT-2018-10058 · Asrock · Restarttouefi+3

Diego Juarez

Publicado

2018-10-30

Atualizado

2019-10-03

CVE-2018-10709

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ASRock RGBLED versions prior to 1.0.35.1 A-Tuning versions prior to 3.0.210 F-Stream versions prior to 3.0.210 RestartToUEFI versions prior to 1.0.6.2

Description The issue concerns the exposure of functionality to read and write CR register values through low-level drivers in several software products. This could potentially be leveraged to run code with elevated privileges.

Recommendations For ASRock RGBLED versions prior to 1.0.35.1, update to version 1.0.35.1 or later. For A-Tuning versions prior to 3.0.210, update to version 3.0.210 or later. For F-Stream versions prior to 3.0.210, update to version 3.0.210 or later. For RestartToUEFI versions prior to 1.0.6.2, update to version 1.0.6.2 or later.

Exploit

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2018-10709

Produtos afetados

A-Tuning

Asrock Rgbled

F-Stream

Restarttouefi

PT-2018-10058 · Asrock · Restarttouefi+3

CVE-2018-10709

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4