Lucene search

MitreCVE-2019-17603

HistoryJun 02, 2020 - 3:15 p.m.

CVE-2019-17603

2020-06-0215:15:11

CWE-787

mitre

web.nvd.nist.gov

cve-2019-17603

asus aura sync

ene.sys

denial of service

privilege escalation

memory corruption

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.

Affected configurations

Nvd

Node

asusaura_syncRange≤1.07.71

VendorProductVersionCPE
asusaura_sync*cpe:2.3:a:asus:aura_sync:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asus	aura_sync	*	cpe:2.3:a:asus:aura_sync::::::::

References

packetstormsecurity.com/files/158221/ASUS-Aura-Sync-1.07.71-Privilege-Escalation.html

zer0-day.pw/2020-06/asus-aura-sync-stack-based-buffer-overflow/

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-17603