Lucene search

[email protected]NVD:CVE-2024-33218

HistoryMay 22, 2024 - 3:15 p.m.

CVE-2024-33218

2024-05-2215:15:28

CWE-782

[email protected]

web.nvd.nist.gov

asustek computer inc

usb 3.0

privilege escalation

arbitrary code execution

ioctl requests

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

JSON

An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

References

github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33218

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

JSON

Related for NVD:CVE-2024-33218

vulnrichment1 cve1 cvelist1