CVE-2020-15480 - Vulnerability Details - OpenCVE

An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Passmark	Burnintest Osforensics Performancetest

Configuration 1 [-]

OR	cpe:2.3:a:passmark:burnintest::::::::
	cpe:2.3:a:passmark:osforensics::::::::
	cpe:2.3:a:passmark:performancetest::::::::

No data.

References

Link	Providers
https://github.com/eset/vulnerability-disclosures
https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md
https://www.passmark.com/forum/index.php
https://www.passmark.com/support/index.php

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-07T20:06:45

Updated: 2024-08-04T13:15:20.691Z

Reserved: 2020-07-01T00:00:00

Link: CVE-2020-15480

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-08-07T21:15:10.537

Modified: 2024-11-21T05:05:36.140

Link: CVE-2020-15480

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-20T12:14:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/eset/vulnerability-disclosures"}, {"tags": ["x_refsource_MISC"], "url": "https://www.passmark.com/forum/index.php"}, {"tags": ["x_refsource_MISC"], "url": "https://www.passmark.com/support/index.php"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15480", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/eset/vulnerability-disclosures", "refsource": "MISC", "url": "https://github.com/eset/vulnerability-disclosures"}, {"name": "https://www.passmark.com/forum/index.php", "refsource": "MISC", "url": "https://www.passmark.com/forum/index.php"}, {"name": "https://www.passmark.com/support/index.php", "refsource": "MISC", "url": "https://www.passmark.com/support/index.php"}, {"name": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md", "refsource": "MISC", "url": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:15:20.691Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/eset/vulnerability-disclosures"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.passmark.com/forum/index.php"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.passmark.com/support/index.php"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15480", "datePublished": "2020-08-07T20:06:45", "dateReserved": "2020-07-01T00:00:00", "dateUpdated": "2024-08-04T13:15:20.691Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:passmark:burnintest:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCFF39A7-3802-4894-8F34-1229377FC16C", "versionEndIncluding": "9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:passmark:osforensics:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AF580B6-AA3A-4067-A992-9F23909E8990", "versionEndIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:passmark:performancetest:*:*:*:*:*:*:*:*", "matchCriteriaId": "A037C148-281D-4C87-AFE8-7C692DE81C4B", "versionEndIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys."}, {"lang": "es", "value": "Se detect\u00f3 un problema en PassMark BurnInTest versiones hasta 9.1, OSForensics hasta el 7.1, y PerformanceTest hasta 10. El controlador del kernel expone la funcionalidad IOCTL que permite a los usuarios con pocos privilegios leer y escribir en Registros Espec\u00edficos de Modelos (MSRs) arbitrarios. Esto podr\u00eda conducir a la ejecuci\u00f3n arbitraria del c\u00f3digo Ring-0 y a la escalada de privilegios. Esto afecta a DirectIo32.sys y DirectIo64.sys."}], "id": "CVE-2020-15480", "lastModified": "2024-11-21T05:05:36.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-07T21:15:10.537", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/eset/vulnerability-disclosures"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.passmark.com/forum/index.php"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.passmark.com/support/index.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/eset/vulnerability-disclosures"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/eset/vulnerability-disclosures/blob/master/CVE-2020-15480/CVE-2020-15480.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.passmark.com/forum/index.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.passmark.com/support/index.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}