Lucene search

K
cvelistFluid AttacksCVELIST:CVE-2024-0788
HistoryJan 29, 2024 - 4:20 p.m.

CVE-2024-0788 SUPERAntiSpyware Pro X v10.0.1260 - Kernel-level API parameters manipulation

2024-01-2916:20:53
CWE-20
Fluid Attacks
www.cve.org
cve-2024-0788
api manipulation
denial of service
ioctl code
saskutil64.sys
kernel-level vulnerability

5.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "SUPERAntiSpyware Pro X",
    "vendor": "SUPERAntiSpyware",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.1260"
      }
    ]
  }
]

5.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-0788