CVE-2020-10234

{"id": "CVE-2020-10234", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-02-05T19:15:11.853", "references": [{"url": "https://github.com/FULLSHADE/Kernel-exploits", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/FULLSHADE/Kernel-exploits/tree/master/AscRegistryFilter.sys", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.iobit.com/en/advancedsystemcarefree.php", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \\DosDevices\\AscRegistryFilter and \\Device\\AscRegistryFilter are affected."}, {"lang": "es", "value": "El controlador del kernel AscRegistryFilter.sys en IObit Advanced SystemCare versi\u00f3n 13.2, permite a un usuario no privilegiado enviar un IOCTL hacia el controlador del dispositivo. Si el usuario proporciona una entrada NULL para el par\u00e1metro dwIoControlCode, sigue un p\u00e1nico del kernel (tambi\u00e9n se conoce como BSOD). Los c\u00f3digos IOCTL que pueden ser encontrados en la funci\u00f3n dispatch: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \\DosDevices\\AscRegistryFilter y \\Device\\AscRegistryFilter est\u00e1n afectadas"}], "lastModified": "2021-02-08T22:00:26.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iobit:advanced_systemcare:13.2:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "08C9833E-767E-4B58-B3F9-5A9A3F3EADBF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}