CVE-2019-18845

The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.

CVSS v3 7.1 HIGH
CVSS v2.0 3.6 LOW

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-012.md

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:patriotmemory:viper_rgb_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:patriotmemory:viper_rgb:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-09 18:15

Updated : 2020-03-18 19:15

NVD link : CVE-2019-18845

Mitre link : CVE-2019-18845

CVE.ORG link : CVE-2019-18845

JSON object : View

Products Affected

patriotmemory

viper_rgb
viper_rgb_firmware

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2019-18845", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2019-11-09T18:15:10.950", "references": [{"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-012.md", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\\SYSTEM privileges, by mapping \\Device\\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection."}, {"lang": "es", "value": "Los controladores MsIo64.sys y MsIo32.sys en Patriot Viper RGB versiones anteriores a 1.1, permiten a usuarios locales (incluyendo procesos de baja integridad) leer y escribir en ubicaciones de memoria arbitrarias y, en consecuencia, alcanzar privilegios NT AUTHORITY\\SYSTEM, mediante la asignaci\u00f3n de \\Device\\PhysicalMemory en el proceso de llamada por medio de las funciones ZwOpenSection y ZwMapViewOfSection."}], "lastModified": "2020-03-18T19:15:16.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:patriotmemory:viper_rgb_firmware:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CA998E6-7AFA-4853-B25F-B86D5F6E3748"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:patriotmemory:viper_rgb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BA8AFF75-3BD6-4D7D-BD90-1A81FCF34610"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}