ID

VAR-201911-0635


CVE

CVE-2019-18845


TITLE

Patriot Viper RGB Vulnerability in Permission Management

Trust: 0.8

sources: JVNDB: JVNDB-2019-011729

DESCRIPTION

The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. Patriot Viper RGB contains a privilege management vulnerability. Information may be obtained and information may be altered. Patriot Viper RGB is a memory module device of Patriot company in Taiwan, China. A local attacker can use this vulnerability to perform read and write operations on memory at any location, thereby gaining NT AUTHORITY\SYSTEM permissions.

Trust: 2.79

sources: NVD: CVE-2019-18845 // JVNDB: JVNDB-2019-011729 // CNVD: CNVD-2019-41649 // CNNVD: CNNVD-201911-492 // VULMON: CVE-2019-18845

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-41649

AFFECTED PRODUCTS

vendor: patriotmemory, model: viper rgb, scope: eq, version: 1.0

Trust: 1.0

vendor: patriot memory, model: viper rgb, scope: lt, version: 1.1

Trust: 0.8

vendor: patriot, model: viper rgb, scope: lt, version: 1.1

Trust: 0.6

sources: CNVD: CNVD-2019-41649 // JVNDB: JVNDB-2019-011729 // NVD: CVE-2019-18845

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18845
value: HIGH

Trust: 1.0

NVD: CVE-2019-18845
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-41649
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-492
value: HIGH

Trust: 0.6

VULMON: CVE-2019-18845
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-18845
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-41649
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18845
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-18845
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-41649 // VULMON: CVE-2019-18845 // JVNDB: JVNDB-2019-011729 // CNNVD: CNNVD-201911-492 // NVD: CVE-2019-18845

PROBLEMTYPE DATA

problemtype: CWE-269

Trust: 1.8

sources: JVNDB: JVNDB-2019-011729 // NVD: CVE-2019-18845

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-492

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-492

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011729

PATCH

title: Top Page, url: https://www.patriotmemory.com/

Trust: 0.8

title: Patch for Patriot Viper RGB Local Privilege Escalation Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/191419

Trust: 0.6

title: Patriot Viper RGB Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102025

Trust: 0.6

title: Sharp-Suite, url: https://github.com/FuzzySecurity/Sharp-Suite

Trust: 0.1

title: KDU, url: https://github.com/hfiref0x/KDU

Trust: 0.1

title: WindowsExploitationResources, url: https://github.com/FULLSHADE/WindowsExploitationResources

Trust: 0.1

title: windows-privilage-escalation, url: https://github.com/onlinepetersteve/windows-privilage-escalation

Trust: 0.1

title: exploit, url: https://github.com/Ondrik8/exploit

Trust: 0.1

sources: CNVD: CNVD-2019-41649 // VULMON: CVE-2019-18845 // JVNDB: JVNDB-2019-011729 // CNNVD: CNNVD-201911-492

EXTERNAL IDS

db: NVD, id: CVE-2019-18845

Trust: 3.1

db: JVNDB, id: JVNDB-2019-011729

Trust: 0.8

db: CNVD, id: CNVD-2019-41649

Trust: 0.6

db: CNNVD, id: CNNVD-201911-492

Trust: 0.6

db: VULMON, id: CVE-2019-18845

Trust: 0.1

sources: CNVD: CNVD-2019-41649 // VULMON: CVE-2019-18845 // JVNDB: JVNDB-2019-011729 // CNNVD: CNNVD-201911-492 // NVD: CVE-2019-18845

REFERENCES

url: https://github.com/active-labs/advisories/blob/master/active-2019-012.md

Trust: 2.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-18845

Trust: 2.0

url: https://github.com/active-labs/advisories/blob/master/2019/active-2019-012.md

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18845

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url: https://github.com/fuzzysecurity/sharp-suite

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/171275

Trust: 0.1

sources: CNVD: CNVD-2019-41649 // VULMON: CVE-2019-18845 // JVNDB: JVNDB-2019-011729 // CNNVD: CNNVD-201911-492 // NVD: CVE-2019-18845

SOURCES

db: CNVD, id: CNVD-2019-41649
db: VULMON, id: CVE-2019-18845
db: JVNDB, id: JVNDB-2019-011729
db: CNNVD, id: CNNVD-201911-492
db: NVD, id: CVE-2019-18845

LAST UPDATE DATE

2024-11-23T22:58:29.007000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-41649, date: 2019-11-21T00:00:00
db: VULMON, id: CVE-2019-18845, date: 2020-03-18T00:00:00
db: JVNDB, id: JVNDB-2019-011729, date: 2019-11-18T00:00:00
db: CNNVD, id: CNNVD-201911-492, date: 2020-03-19T00:00:00
db: NVD, id: CVE-2019-18845, date: 2024-11-21T04:33:41.950

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-41649, date: 2019-11-21T00:00:00
db: VULMON, id: CVE-2019-18845, date: 2019-11-09T00:00:00
db: JVNDB, id: JVNDB-2019-011729, date: 2019-11-18T00:00:00
db: CNNVD, id: CNNVD-201911-492, date: 2019-11-09T00:00:00
db: NVD, id: CVE-2019-18845, date: 2019-11-09T18:15:10.950