PT-2024-21411 · Finalwire · Finalwire Airda Extreme+3
H0Mbre
+1
·
Published
2024-06-10
·
Updated
2024-07-03
·
CVE-2024-26507
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FinalWire AIRDA Extreme versions 7.00.6700 and before
AIDA64 Engineer versions 7.00.6700 and before
AIDA64 Business versions 7.00.6700 and before
AIDA64 Network Audit versions 7.00.6700 and before
Description
An issue in the mentioned software allows a local attacker to escalate privileges via the
DeviceIoControl call associated with components such as MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages.Recommendations
For versions 7.00.6700 and before of FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, and AIDA64 Network Audit, consider disabling the
DeviceIoControl call associated with the vulnerable components as a temporary workaround until a patch is available.
Restrict access to the MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages components to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability. Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aida64 Business
Aida64 Engineer
Aida64 Network Audit
Finalwire Airda Extreme