Vulnerability Description
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pcanalyser | Pc Analyser | <= 4.10 |
References
- http://www.pcanalyser.de/index.php/historie/Release NotesVendor Advisory
- https://github.com/eset/vulnerability-disclosuresThird Party Advisory
- https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-28921/CVEExploitThird Party Advisory
- http://www.pcanalyser.de/index.php/historie/Release NotesVendor Advisory
- https://github.com/eset/vulnerability-disclosuresThird Party Advisory
- https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-28921/CVEExploitThird Party Advisory
FAQ
What is CVE-2020-28921?
CVE-2020-28921 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model ...
How severe is CVE-2020-28921?
CVE-2020-28921 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-28921?
Check the references section above for vendor advisories and patch information. Affected products include: Pcanalyser Pc Analyser.