#VU15550 Privilege escalation in ASRock products - CVE-2018-10709
Published: October 26, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU15550
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2018-10709
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
ASRock RGBLED
ASRock RestartToUEFI
ASRock F-Stream
ASRock A-Tuning
Software vendor:
ASRock
Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists because the drivers expose functionality to read and write control register (CR) values. A remote attacker can execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update ASRock RGBLED to version 1.0.36.
Update ASRock A-Tuning to version 3.0.216.
Update ASRock F-Stream to version 3.0.216.
Update ASRock RestartToUEFI to version 1.0.7.