Vulnerability Details: CVE-2018-19323
Used for ransomware!
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
CVE-2018-19323 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name: GIGABYTE Multiple Products Privilege Escalation Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Notes: https://www.gigabyte.com/Support/Security/1801
Added on: 2022-10-24
Action due date: 2022-11-14
Exploit prediction scoring system (EPSS) score for CVE-2018-19323
Probability of exploitation activity in the next 30 days: 18.51%
Percentile, the proportion of vulnerabilities that are scored at or less: ~96%
CVSS scores for CVE-2018-19323
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:C | 10.0 | 8.5 | NIST |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
References for CVE-2018-19323
- https://www.gigabyte.com/Support/Security/1801
  Software update for Potential security vulnerabilities in GIGABYTE software | Security & Technical Advisory - GIGABYTE Global
- https://www.gigabyte.com/tw/Support/Utility/Graphics-Card
  Utility | Service / Support - GIGABYTE
- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
  GIGABYTE Drivers Elevation of Privilege Vulnerabilities | SecureAuth (Exploit; Third Party Advisory)
- http://www.securityfocus.com/bid/106252
  Multiple GIGABYTE Products Multiple Arbitrary Code Execution Vulnerabilities (Third Party Advisory; VDB Entry)
- http://seclists.org/fulldisclosure/2018/Dec/39
  Full Disclosure: [CORE-2018-0007] - GIGABYTE Driver Elevation of Privilege Vulnerabilities (Exploit; Mailing List; Third Party Advisory)
Products affected by CVE-2018-19323
- cpe:2.3:a:gigabyte:aorus_graphics_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:gigabyte:oc_guru_ii:2.08:*:*:*:*:*:*:*
- cpe:2.3:a:gigabyte:xtreme_gaming_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:gigabyte:gigabyte_app_center:*:*:*:*:*:*:*:*