PT-2020-10161 · Patriot · Patriot Viper Rgb

Published

2020-02-21

Updated

2020-02-25

CVE-2019-19452

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Patriot Viper RGB versions through 1.1

Description A buffer overflow issue was discovered when processing IoControlCode 0x80102040. This can be exploited by local attackers, including those with low integrity processes, to gain NT AUTHORITYSYSTEM privileges.

Recommendations For Patriot Viper RGB versions through 1.1, consider restricting access to the IoControlCode 0x80102040 until a patch is available. As a temporary workaround, limiting privileges for low integrity processes may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2019-19452

Affected Products

Patriot Viper Rgb

PT-2020-10161 · Patriot · Patriot Viper Rgb

CVE-2019-19452

Weakness Enumeration

Related Identifiers

Affected Products

References · 5