PT-2019-15697 · Patriot · Patriot Viper Rgb
Hashim Jawad
·
Published
2019-11-09
·
Updated
2020-03-18
·
CVE-2019-18845
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Patriot Viper RGB versions prior to 1.1
Description
The issue allows local users, including those with low integrity processes, to read and write to arbitrary memory locations. This can lead to the gain of NT AUTHORITYSYSTEM privileges by mapping DevicePhysicalMemory into the calling process via
ZwOpenSection and ZwMapViewOfSection functions.Recommendations
For Patriot Viper RGB versions prior to 1.1, update to version 1.1 or later to resolve the issue.
Exploit
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Patriot Viper Rgb