Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2018-19321

Published: 21/12/2018 Updated: 19/05/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Gigabyte

Vulnerability Summary

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and previous versions, AORUS GRAPHICS ENGINE prior to 1.57, XTREME GAMING ENGINE prior to 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local malicious user to elevate privileges.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gigabyte app center

gigabyte aorus graphics engine

gigabyte xtreme gaming engine

gigabyte oc guru ii 2.08

Exploits

Exploit DB: GIGABYTE Driver Privilege Escalation
Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges Affected versions include GIGABYTE APP Center 10521 and below, AORUS GRAPHICS ENGINE 133 and below, XTREME GAMING ENGINE 125 and ...

Github Repositories

https://github.com/nanabingies/CVE-2018-19321

CVE-2018-19321

CVE-2018-19321 CVE-2018-19321 Description The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v10521 and earlier, AORUS GRAPHICS ENGINE before 157, XTREME GAMING ENGINE before 126, and OC GURU II v208 expose functionality to read and write arbitrary physical memory This could be leveraged by a local attacker to elevate privileges

https://github.com/nanabingies/Driver-RW

Page Table Manipulation -- CVE-2018-19321

Driver-RW Elevate to NT AUTHORITY\SYSTEM with CVE-2018-19321 Tested on WIndows 10 v1511

References

NVD-CWE-noinfohttps://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilitieshttp://www.securityfocus.com/bid/106252http://seclists.org/fulldisclosure/2018/Dec/39https://www.gigabyte.com/Support/Security/1801https://nvd.nist.govhttps://github.com/nanabingies/CVE-2018-19321https://packetstormsecurity.com/files/150894/GIGABYTE-Driver-Privilege-Escalation.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook