PT-2018-14980 · Unknown · Driveragent

Published

2018-12-18

Updated

2019-11-20

CVE-2018-19522

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions DriverAgent version 2.2015.7.14

Description The issue allows a user to send an IOCTL (0x800020F4) with a buffer containing user-defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input.

Recommendations For DriverAgent version 2.2015.7.14, consider disabling the DrvAgent64.sys driver until a patch is available to prevent potential exploitation. Restrict access to the IOCTL 0x800020F4 to minimize the risk of exploitation. Avoid using user-defined content in the buffer for the wrmsr instruction until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-19522

Affected Products

Driveragent

PT-2018-14980 · Unknown · Driveragent

CVE-2018-19522

Weakness Enumeration

Related Identifiers

Affected Products

References · 3