{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-31096", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2023-10-10T18:05:34.641823", "dateReserved": "2023-04-24T00:00:00", "datePublished": "2023-10-10T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-10T18:05:34.641823"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.broadcom.com"}, {"url": "https://cschwarz1.github.io/posts/0x04/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:lsi_pci-sv92ex_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B800F3FF-2B88-4135-9E76-CDA5B582F00D", "versionEndIncluding": "2.2.100.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:broadcom:lsi_pci-sv92ex:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EE609F6-C73C-4152-B748-4860C45D8BB7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver hasta 2.2.100.1 (tambi\u00e9n conocido como AGRSM64.sys). Hay una escalada de privilegios local al SYSTEM a trav\u00e9s de un desbordamiento de pila en RTLCopyMemory (IOCTL 0x1b2150). Un atacante puede aprovechar esto para elevar los privilegios de un proceso de integridad media al SYSTEM. Esto tambi\u00e9n se puede utilizar para omitir protecciones a nivel de kernel como AV o PPL, porque el c\u00f3digo de explotaci\u00f3n se ejecuta con privilegios de alta integridad y se puede utilizar en campa\u00f1as coordinadas de ransomware BYOVD (traiga su propio controlador vulnerable)."}], "id": "CVE-2023-31096", "lastModified": "2023-10-18T20:27:16.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-10T19:15:09.530", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://cschwarz1.github.io/posts/0x04/"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://www.broadcom.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}