Published: 30/10/2018 Updated: 03/10/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
asrock rgbled
asrock restart to uefi
asrock f-stream
asrock a-tuning

SecureAuth - SecureAuth Labs Advisory wwwsecureauthcom/ ASRock Drivers Elevation of Privilege Vulnerabilities 1 *Advisory Information* Title: ASRock Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0005 Advisory URL: wwwsecureauthcom/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities Date ...

ASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options Multiple vulnerabilities were found in AsrDrv101sys and AsrDrv102sys low level d ...

CWE-732 https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities https://www.exploit-db.com/exploits/45716/https://nvd.nist.gov https://www.exploit-db.com/exploits/45716/

CVE-2018-10709

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect