CVE-2020-15480 - OpenCVE

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Passmark	Osforensics Burnintest Performancetest

Configuration 1 [-]

OR	cpe:2.3:a:passmark:burnintest::::::::
	cpe:2.3:a:passmark:osforensics::::::::
	cpe:2.3:a:passmark:performancetest::::::::

References

Link	Resource
https://github.com/eset/vulnerability-disclosures	Third Party Advisory
https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md	Exploit Third Party Advisory
https://www.passmark.com/forum/index.php	Vendor Advisory
https://www.passmark.com/support/index.php	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-07T20:06:45

Updated: 2020-08-20T12:14:37

Reserved: 2020-07-01T00:00:00

Link: CVE-2020-15480

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-08-07T21:15:10.537

Modified: 2022-05-03T13:00:40.130

Link: CVE-2020-15480

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-20T12:14:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/eset/vulnerability-disclosures"}, {"tags": ["x_refsource_MISC"], "url": "https://www.passmark.com/forum/index.php"}, {"tags": ["x_refsource_MISC"], "url": "https://www.passmark.com/support/index.php"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15480", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/eset/vulnerability-disclosures", "refsource": "MISC", "url": "https://github.com/eset/vulnerability-disclosures"}, {"name": "https://www.passmark.com/forum/index.php", "refsource": "MISC", "url": "https://www.passmark.com/forum/index.php"}, {"name": "https://www.passmark.com/support/index.php", "refsource": "MISC", "url": "https://www.passmark.com/support/index.php"}, {"name": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md", "refsource": "MISC", "url": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15480", "datePublished": "2020-08-07T20:06:45", "dateReserved": "2020-07-01T00:00:00", "dateUpdated": "2020-08-20T12:14:37", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:passmark:burnintest:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCFF39A7-3802-4894-8F34-1229377FC16C", "versionEndIncluding": "9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:passmark:osforensics:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AF580B6-AA3A-4067-A992-9F23909E8990", "versionEndIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:passmark:performancetest:*:*:*:*:*:*:*:*", "matchCriteriaId": "A037C148-281D-4C87-AFE8-7C692DE81C4B", "versionEndIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys."}, {"lang": "es", "value": "Se detect\u00f3 un problema en PassMark BurnInTest versiones hasta 9.1, OSForensics hasta el 7.1, y PerformanceTest hasta 10. El controlador del kernel expone la funcionalidad IOCTL que permite a los usuarios con pocos privilegios leer y escribir en Registros Espec\u00edficos de Modelos (MSRs) arbitrarios. Esto podr\u00eda conducir a la ejecuci\u00f3n arbitraria del c\u00f3digo Ring-0 y a la escalada de privilegios. Esto afecta a DirectIo32.sys y DirectIo64.sys."}], "id": "CVE-2020-15480", "lastModified": "2022-05-03T13:00:40.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-07T21:15:10.537", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/eset/vulnerability-disclosures"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.passmark.com/forum/index.php"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.passmark.com/support/index.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}