admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 10:41:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2017/CVE-2017-3196.md

20 lines
1.0 KiB
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2017-3196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3196)
![](https://img.shields.io/static/v1?label=Product&message=ASUS%20PCE-AC56%20WLAN%20Card%20Utilities&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%3A%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen)
### Description
PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.
### POC
#### Reference
- http://blog.rewolf.pl/blog/?p=1778
- https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/
- https://www.kb.cert.org/vuls/id/600671
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink