CVE-2021-21791
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
An information disclosure vulnerability exists in the way the IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver, which can result in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.
Timeline
- 2021-01-04 CVE Reserved
- 2021-08-05 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-782: Exposed IOCTL with Insufficient Access Control
References (1)
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1255 | 2024-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Iobit | Advanced Systemcare Ultimate | 14.2.0.220 | - | Affected |