Vulnerability Details : CVE-2020-36603
The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.
Vulnerability category: Execute code
Products affected by CVE-2020-36603
- cpe:2.3:a:hoyoverse:mhyprot2:1.0.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-36603
- 0.10%: Probability of exploitation activity in the next 30 days
- ~41%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-36603
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.6 | 5.9 | NIST | |
References for CVE-2020-36603
- https://github.com/kkent030315/evil-mhyprot-cli
  GitHub - kkent030315/evil-mhyprot-cli: A PoC for Mhyprot2.sys vulnerable driver that allowing read/write memory in kernel/user via unprivileged user process.
  Tags: Third Party Advisory
- https://www.vice.com/en/article/y3p35w/hackers-are-using-anti-cheat-in-genshin-impact-to-ransom-victims
  Hackers Are Using Anti-Cheat in 'Genshin Impact' to Ransom Victims
  Tags: Exploit; Press/Media Coverage; Third Party Advisory
- https://github.com/kagurazakasanae/Mhyprot2DrvControl
  GitHub - kagurazakasanae/Mhyprot2DrvControl: A lib that allows using mhyprot2 driver for enum process modules, r/w process memory and kill process.
  Tags: Third Party Advisory
- https://web.archive.org/web/20211204031301/https://www.godeye.club/2021/05/20/001-disclosure-mhyprot.html
  Disclosure: The Mhyprot Vulnerability - Genshin Impact | GodEye.club
  Tags: Exploit; Third Party Advisory
- https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
  Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
  Tags: Exploit; Third Party Advisory