CVE-2019-18845

{"id": "CVE-2019-18845", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2019-11-09T18:15:10.950", "references": [{"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-012.md", "source": "cve@mitre.org"}, {"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-012.md", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\\SYSTEM privileges, by mapping \\Device\\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection."}, {"lang": "es", "value": "Los controladores MsIo64.sys y MsIo32.sys en Patriot Viper RGB versiones anteriores a 1.1, permiten a usuarios locales (incluyendo procesos de baja integridad) leer y escribir en ubicaciones de memoria arbitrarias y, en consecuencia, alcanzar privilegios NT AUTHORITY\\SYSTEM, mediante la asignaci\u00f3n de  \\Device\\PhysicalMemory en el proceso de llamada por medio de las funciones  ZwOpenSection y ZwMapViewOfSection."}], "lastModified": "2024-11-21T04:33:41.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:patriotmemory:viper_rgb_firmware:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CA998E6-7AFA-4853-B25F-B86D5F6E3748"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:patriotmemory:viper_rgb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BA8AFF75-3BD6-4D7D-BD90-1A81FCF34610"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}