Vulnerability Details CVE-2020-15480
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 7.2
References
- https://github.com/eset/vulnerability-disclosures
- https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md
- https://www.passmark.com/forum/index.php
- https://www.passmark.com/support/index.php
- https://github.com/eset/vulnerability-disclosures
- https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md
- https://www.passmark.com/forum/index.php
- https://www.passmark.com/support/index.php
Products affected by CVE-2020-15480
-
cpe:2.3:a:passmark:burnintest:9.0
-
cpe:2.3:a:passmark:burnintest:9.1
-
cpe:2.3:a:passmark:osforensics:4.0.1002
-
cpe:2.3:a:passmark:osforensics:5.2.1007
-
cpe:2.3:a:passmark:osforensics:6.1.1005
-
cpe:2.3:a:passmark:osforensics:7.1
-
cpe:2.3:a:passmark:performancetest:10.0
-
cpe:2.3:a:passmark:performancetest:5.0
-
cpe:2.3:a:passmark:performancetest:6.0
-
cpe:2.3:a:passmark:performancetest:6.1
-
cpe:2.3:a:passmark:performancetest:7.0
-
cpe:2.3:a:passmark:performancetest:8.0
-
cpe:2.3:a:passmark:performancetest:9.0