CVE-2021-26943

Published: 31/03/2021 Updated: 07/04/2021

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 8.2 | Impact Score: 6 | Exploitability Score: 1.5

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3).

Vulnerable Product	Search on Vulmon	Subscribe to Product
asus ux360ca bios

The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.

SmmExploit This is a report and an exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303 The issue was fixed in the version 304 Issue Description Summary UX360CA BIOS version 303 has 3 vulnerable modules that allow an attacker with the ring0 privilege to overwrite nearly arbitrary physical memory including SMRAM

NVD-CWE-noinfo https://www.asus.com/support/FAQ/1045541/https://www.youtube.com/watch?v=1H3AfaVyeuk https://nvd.nist.gov https://github.com/tandasat/SmmExploit

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-26943

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect