Vulnerability Details CVE-2019-18845
The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.1%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 3.6
References
Products affected by CVE-2019-18845
-
cpe:2.3:h:patriotmemory:viper_rgb:-
-
cpe:2.3:o:patriotmemory:viper_rgb_firmware:1.0