CVE-2018-19522

{"id": "CVE-2018-19522", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-12-18T16:29:00.813", "references": [{"url": "https://downwithup.github.io/CVEPosts.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://downwithup.github.io/CVEPosts.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input."}, {"lang": "es", "value": "DriverAgent 2.2015.7.14, que incluye DrvAgent64.sys, en su versi\u00f3n 1.0.0.1 permite que un usuario env\u00ede una llamada IOCTL (0x800020F4) con un b\u00fafer que contiene contenidos definidos por el usuario. La subrutina del controlador ejecutar\u00e1 una instrucci\u00f3n wrmsr con el b\u00fafer del usuario como entrada parcial."}], "lastModified": "2024-11-21T03:58:05.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:driveragent:driveragent:2.2015.7.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22803FF7-5998-495D-9B74-A6381A7677DA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}