Exposed IOCTL with Insufficient Access Control

CVE-2024-33222

High

8.4/10

Summary

An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-782 - Exposed IOCTL with Insufficient Access Control

The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

References

Advisory Timeline

Published May 22, 2024

Exposed IOCTL with Insufficient Access Control

CVE-2024-33222

Summary

CWE-782 - Exposed IOCTL with Insufficient Access Control

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS