AttackerKBAKB:434CECFE-43DC-4446-9C55-3EDFD6742827CVE-2020-17382
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
Recent assessments:
bwatters-r7 at September 09, 2020 6:09pm UTC reported:
This is a vulnerability in the MSI AmbientLink Version 1.0.0.8. The vulnerability allows a regular user access to a Windows device created by the msio driver provided for the MSI Ambientlink system.
The software device is vulnerable to a buffer overflow attack because it assumes that the received buffer will always be less than 48 bytes, apparently, even when longer lengths are specified by the IOCTL request.
Realistically, as this software runs LED lights on MSI gaming motherboards, it is unlikely to pose a large threat to corporate environments and instead, poses a larger threat to home users or individually-managed PCs, making the patching process significantly easier. I imagine it is also possible to simply remove the software temporarily.
See <https://www.coresecurity.com/core-labs/advisories/msi-ambient-link-multiple-vulnerabilities> for a more in-depth analysis and PoC code.
gwillcox-r7 at September 24, 2020 5:14pm UTC reported:
This is a vulnerability in the MSI AmbientLink Version 1.0.0.8. The vulnerability allows a regular user access to a Windows device created by the msio driver provided for the MSI Ambientlink system.
The software device is vulnerable to a buffer overflow attack because it assumes that the received buffer will always be less than 48 bytes, apparently, even when longer lengths are specified by the IOCTL request.
Realistically, as this software runs LED lights on MSI gaming motherboards, it is unlikely to pose a large threat to corporate environments and instead, poses a larger threat to home users or individually-managed PCs, making the patching process significantly easier. I imagine it is also possible to simply remove the software temporarily.
See <https://www.coresecurity.com/core-labs/advisories/msi-ambient-link-multiple-vulnerabilities> for a more in-depth analysis and PoC code.
Assessed Attacker Value: 2
Assessed Attacker Value: 2Assessed Attacker Value: 4
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C