Multiple vulnerabilities in IOBit Advanced SystemCare Ultimate



Published: 2021-07-08
Risk: Low
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2021-21785, CVE-2021-21792, CVE-2021-21791, CVE-2021-21790, CVE-2021-21789, CVE-2021-21788, CVE-2021-21787, CVE-2021-21786
CWE-ID: CWE-782
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Advanced SystemCare Ultimate (Client/Desktop applications / Antivirus software/Personal firewalls)
Vendor: IObit

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Exposed IOCTL with Insufficient Access Control

EUVDB-ID: #VU54598

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21785

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate. A local user can use a specially crafted I/O request packet (IRP) to gain access to sensitive information on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Advanced SystemCare Ultimate: 14.2.0.220

External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1252


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Exposed IOCTL with Insufficient Access Control

EUVDB-ID: #VU54605

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21792

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists in the way the IOBit Advanced SystemCare Ultimate driver handles privileged I/O read requests within IN dword. A local user can use a specially crafted I/O request packet (IRP) to gain access to sensitive information on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Advanced SystemCare Ultimate: 14.2.0.220

External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Exposed IOCTL with Insufficient Access Control

EUVDB-ID: #VU54604

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21791

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists in the way the IOBit Advanced SystemCare Ultimate driver handles privileged I/O read requests within IN word. A local user can use a specially crafted I/O request packet (IRP) to gain access to sensitive information on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Advanced SystemCare Ultimate: 14.2.0.220

External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Exposed IOCTL with Insufficient Access Control

EUVDB-ID: #VU54603

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21790

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists in the way the IOBit Advanced SystemCare Ultimate driver handles privileged I/O read requests within IN byte. A local user can use a specially crafted I/O request packet (IRP) to gain access to sensitive information on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Advanced SystemCare Ultimate: 14.2.0.220

External links

http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1255


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Exposed IOCTL with Insufficient Access Control

EUVDB-ID: #VU54602

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21789

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain elevated privileges on the system.

The vulnerability exists in the way the IOBit Advanced SystemCare Ultimate driver handles privileged I/O write requests within OUT dword. A local user can use a specially crafted I/O request packet (IRP) to escalate privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Advanced SystemCare Ultimate: 14.2.0.220

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2021-1254


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Exposed IOCTL with Insufficient Access Control

EUVDB-ID: #VU54601

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21788

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain elevated privileges on the system.

The vulnerability exists in the way the IOBit Advanced SystemCare Ultimate driver handles privileged I/O write requests within OUT word. A local user can use a specially crafted I/O request packet (IRP) to escalate privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Advanced SystemCare Ultimate: 14.2.0.220

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2021-1254


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Exposed IOCTL with Insufficient Access Control

EUVDB-ID: #VU54600

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21787

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain elevated privileges on the system.

The vulnerability exists in the way the IOBit Advanced SystemCare Ultimate driver handles privileged I/O write requests within OUT byte. A local user can use a specially crafted I/O request packet (IRP) to escalate privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Advanced SystemCare Ultimate: 14.2.0.220

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2021-1254


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Exposed IOCTL with Insufficient Access Control

EUVDB-ID: #VU54599

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21786

CWE-ID: CWE-782 - Exposed IOCTL with Insufficient Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain elevated privileges on the system.

The vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate. A local user can use a specially crafted I/O request packet (IRP) to escalate privileges.
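
The two IOCTL codes named in this bulletin (0x9c40a148 in item 1 and 0x9c406144 in item 8) can be split into their CTL_CODE fields to see which handle access the I/O manager requires before the driver's handler runs. This is an added example, not code from the vendor or from the Talos reports; the struct and helper names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of a Windows I/O control code, per the CTL_CODE macro layout:
   bits 31-16 device type, 15-14 required access, 13-2 function, 1-0 method. */
typedef struct {
    uint16_t device_type;
    uint8_t  access;
    uint16_t function;
    uint8_t  method;
} ioctl_fields;

static ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

static const char *access_name(uint8_t a) {
    static const char *n[] = { "FILE_ANY_ACCESS", "FILE_READ_ACCESS",
                               "FILE_WRITE_ACCESS", "FILE_READ_ACCESS|FILE_WRITE_ACCESS" };
    return n[a & 0x3];
}

static const char *method_name(uint8_t m) {
    static const char *n[] = { "METHOD_BUFFERED", "METHOD_IN_DIRECT",
                               "METHOD_OUT_DIRECT", "METHOD_NEITHER" };
    return n[m & 0x3];
}

/* Device types >= 0x8000 and function codes >= 0x800 are vendor-defined. */
static int is_vendor_defined(ioctl_fields f) {
    return f.device_type >= 0x8000 && f.function >= 0x800;
}

int main(void) {
    /* The two IOCTL codes named in this bulletin. */
    const uint32_t codes[] = { 0x9c40a148u, 0x9c406144u };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%08x dev=0x%04x func=0x%03x %s %s vendor=%d\n",
               (unsigned)codes[i], f.device_type, f.function,
               access_name(f.access), method_name(f.method), is_vendor_defined(f));
    }
    return 0;
}
```

The access field only constrains the access granted on the handle used for the request; which users may open the device at all is decided by the device object's security descriptor, so the restriction CWE-782 refers to has to come from there or from checks in the handler itself.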

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Advanced SystemCare Ultimate: 14.2.0.220

External links

http://talosintelligence.com/vulnerability_reports/TALOS-2021-1253


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


