Attacker Value
High
(1 user assessed)
Exploitability
Very Low
(1 user assessed)
User Interaction
None
Privileges Required
High
Attack Vector
Network
0

CVE-2019-7244

Disclosure Date: March 25, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.

Add Assessment

6
Ratings
Technical Analysis

This vulnerability takes advantage of an exposed IOCTL code (0x80112084) within the kerneld.sys driver that’s included within AIDA64. One of the control registers in the x86 instruction set is known as the MSR, the Model specific register is used for debugging, program execution tracing, computer performance monitoring and managing and toggling certain CPU functionality.. This driver instructs a binary to modify this register on the victim system, and successful exploitation of this vulnerability can allow for ring-0 code execution from an unauthorized and unauthenticated user mode standpoint. Successful exploitation of an exposed write WRMSR instruction can give us a pointer overwrite primitive. Because this driver does not appropriately filter access to MSRs which will allow an attacker to overwrite It and our pointer is called in ring-0.

The commonly used technique for this, is an attacked will use this R/W from the physical MSR register, and use that to traverse SYSTEM processes EPROCESS structure for SYSTEM level tokens, and either spawning a new process or swapping the new SYSTEM token with their current processes.

On January 1st FireEye contacted the vendor with disclosure of the vulnerability. And on November 4th, 2019 FireEye verified that the issue was successfully resolved.

The recommended mitigation is to update your current AIDA64 with the latest provided version of the software.

CVSS V3 Severity and Metrics
Base Score:
7.2 High
Impact Score:
5.9
Exploitability Score:
1.2
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Additional Info

Technical Analysis