Lucene search

K
cve[email protected]CVE-2021-21788
HistoryJul 07, 2021 - 5:15 p.m.

CVE-2021-21788

2021-07-0717:15:07
CWE-782
web.nvd.nist.gov
34
3
cve
2021
21788
privilege escalation
iobit
advanced systemcare ultimate
vulnerability
driver
io write
ioctl
local attacker
nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. A local attacker can send a malicious IRP to trigger this vulnerability.

Affected configurations

Vulners
NVD
Node
iobitiobit_unlockerRange14.2.0.220
VendorProductVersionCPE
iobitiobit_unlocker*cpe:2.3:a:iobit:iobit_unlocker:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Iobit",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "IOBit Advanced SystemCare Ultimate 14.2.0.220"
      }
    ]
  }
]

Social References

More

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for CVE-2021-21788