nvd-json-data-feeds/CVE-2021/CVE-2021-317xx/CVE-2021-31728.json

{
  "id": "CVE-2021-31728",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-05-17T13:15:07.803",
  "lastModified": "2022-07-12T17:42:04.277",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \\.\\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook with IOCTL 0x80002044 and execute the executable memory using this hook with IOCTL 0x80002014 or 0x80002018, this exposes ring 0 code execution in the context of the driver allowing the non-privileged process to elevate privileges."
    },
    {
      "lang": "es",
      "value": "Un control de acceso incorrecto en las bibliotecas zam64.sys, zam32.sys en MalwareFox AntiMalware versi\u00f3n 2.74.0.150, permite que un proceso no privilegiado abra un identificador para \\.\\ZemanaAntiMalware, se registre con el controlador mediante el env\u00edo de IOCTL 0x80002010, asigne memoria ejecutable usando un fallo en IOCTL 0x80002040, instale un hook con IOCTL 0x80002044 y ejecute la memoria ejecutable usando este hook con IOCTL 0x80002014 o 0x80002018, esto expone la ejecuci\u00f3n del c\u00f3digo del anillo 0 en el contexto del controlador, permitiendo que al proceso no privilegiado elevar privilegios"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:malwarefox:antimalware:2.74.0.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "851453D7-313B-44F0-807C-15C25CCD9AE5"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/irql0/CVE-2021-31728/blob/master/CVE-2021-31728.md",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}