CVE-2024-33221High
Share link
Anyone with the link can open this vulnerability.
An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges an…
CVSS
7.8
High
EPSS
0.00
p8
Published
2024-01-01
Updated
2024-01-01
Description
An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
Tags · CWE
CWE-782
CWE-782VariantDraft
Exposed IOCTL with Insufficient Access Control
The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
https://cwe.mitre.org/data/definitions/782.html →Open in CWE collection →CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Timeline
2024-01-01
Published
2024-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.002 · p8
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
No vulnerabilities match your filters.