CVE-2019-18845 — HIGH (7.1)

Vulnerability Description

The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Patriotmemory	Viper Rgb Firmware	1.0
Patriotmemory	Viper Rgb	-

Related Weaknesses (CWE)

CWE-269

References

FAQ

What is CVE-2019-18845?

CVE-2019-18845 is a vulnerability with a CVSS score of 7.1 (HIGH). The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AU...

How severe is CVE-2019-18845?

CVE-2019-18845 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-18845?

Check the references section above for vendor advisories and patch information. Affected products include: Patriotmemory Viper Rgb Firmware, Patriotmemory Viper Rgb.