Main
Vulnerability Database
Exploits
ID:6152 - Exploit for Privilege escalation in ASRock products - CVE-2018-10711
ID:6152 - Exploit for Privilege escalation in ASRock products - CVE-2018-10711
Published: June 17, 2021
Vulnerability identifier: #VU15551
Vulnerability risk: High
CVE-ID: CVE-2018-10711
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
ASRock RGBLED
ASRock RestartToUEFI
ASRock F-Stream
ASRock A-Tuning
ASRock RGBLED
ASRock RestartToUEFI
ASRock F-Stream
ASRock A-Tuning
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to the drivers expose functionality to read and write Machine Specific Registers (MSRs). A remote attacker can execute arbitrary ring-0 code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to the drivers expose functionality to read and write Machine Specific Registers (MSRs). A remote attacker can execute arbitrary ring-0 code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update ASRock RGBLED to version 1.0.36
Update ASRock A-Tuning to version 3.0.216,
Update ASRock F-Stream to version 3.0.216,
Update ASRock RestartToUEFI to version 1.0.7.
Update ASRock A-Tuning to version 3.0.216,
Update ASRock F-Stream to version 3.0.216,
Update ASRock RestartToUEFI to version 1.0.7.