Lucene search

TalosCVELIST:CVE-2020-13515

HistoryDec 18, 2020 - 7:38 p.m.

CVE-2020-13515

2020-12-1819:38:31

CWE-269

talos

www.cve.org

privilege escalation

winring0x64 driver

irp 0x9c40a148

vulnerability

nzxt cam

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability.

CNA Affected

[
  {
    "product": "NZXT",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "NZXT CAM 4.8.0"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1112

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

Related for CVELIST:CVE-2020-13515