Sign-up

ID

VAR-202003-1538


CVE

CVE-2020-9756


TITLE

Patriot Viper RGB Driver Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002465

DESCRIPTION

Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 bytes from or to an IO port. This could be leveraged in a number of ways to ultimately run code with elevated privileges. (DoS) It may be put into a state. Patriot Viper RGB is a memory module device of Patriot Company of Taiwan, China. Patriot Viper RGB Driver is its driver. Attackers can use IOCTL Codes 0x80102050 and 0x80102054 to exploit this vulnerability to execute arbitrary code with elevated privileges

Trust: 2.16

sources: NVD: CVE-2020-9756 // JVNDB: JVNDB-2020-002465 // CNNVD: CNNVD-202003-236

AFFECTED PRODUCTS

vendor:patriotmemorymodel:viper rgbscope:lteversion:1.1

Trust: 1.0

vendor:patriot memorymodel:viper rgbscope:eqversion:1.1

Trust: 0.8

sources: JVNDB: JVNDB-2020-002465 // NVD: CVE-2020-9756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9756
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002465
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-236
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-9756
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002465
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-9756
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002465
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-002465 // CNNVD: CNNVD-202003-236 // NVD: CVE-2020-9756

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2020-002465 // NVD: CVE-2020-9756

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-236

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-236

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002465

PATCH
title:Top Pageurl:https://viper.patriotmemory.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-002465

EXTERNAL IDS
db:NVDid:CVE-2020-9756
Trust: 2.4
db:JVNDBid:JVNDB-2020-002465
Trust: 0.8
db:CNNVDid:CNNVD-202003-236
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002465 // 
            
            
            
            CNNVD: CNNVD-202003-236 // 
            
            
            
            NVD: CVE-2020-9756

REFERENCES
url:https://www.coresecurity.com/advisories/viper-rgb-driver-multiple-vulnerabilities
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-9756
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9756
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-002465 // 
            
            
            
            CNNVD: CNNVD-202003-236 // 
            
            
            
            NVD: CVE-2020-9756

SOURCES
db:JVNDBid:JVNDB-2020-002465
db:CNNVDid:CNNVD-202003-236
db:NVDid:CVE-2020-9756

LAST UPDATE DATE
2024-11-23T23:11:32.173000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-002465date:2020-03-16T00:00:00
db:CNNVDid:CNNVD-202003-236date:2020-03-26T00:00:00
db:NVDid:CVE-2020-9756date:2024-11-21T05:41:13.437

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-002465date:2020-03-16T00:00:00
db:CNNVDid:CNNVD-202003-236date:2020-03-06T00:00:00
db:NVDid:CVE-2020-9756date:2020-03-06T15:15:14.127