ACTIVELabs
Powered by ACTIVECYBER, LLC
Powered by ACTIVECYBER, LLC
ACTIVE-2020-003: Trident Z Lighting Control Driver Local Privilege Escalation (CVE-2020-12446)4/27/2020 Vulnerability Type: Privilege Escalation Vendors: G.SKILL International Enterprise Co., Ltd. CVE ID: CVE-2020-12446 Affected Products:
ene.sys driver in Trident Z Lighting Control v1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users which leads to privilege escalation as “NT AUTHORITY\SYSTEM”. Mitigation:
The vendor has released a patch in version 1.00.17 addressing this vulnerability. Credit: This vulnerability was found by Hashim Jawad of ACTIVELabs. References:
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
Archives
July 2023
ACTIVELabs was created in 2018 to hunt and research undiscovered vulnerabilities, report them to vendors via responsible disclosure programs, publish advisories, develop and validate new patches, and to share this information for the advancement of the cybersecurity community. ACTIVELabs was established with the mission of securing our ever-growing client base, partnerships, and the technology community as a whole.
We are actively providing the community with verified findings and research that leads to the creation of new Common Vulnerabilities and Exposures (CVEs) and updates to the National Vulnerability Database (NVD). For a full listing of all of our Advisories, visit our GitHub page here. |
©2022 ACTIVECYBER, LLC | All rights reserved | Privacy Policy
|