How severe is CVE-2021-21788?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-21788?

This is classified as CWE-782, which is a common weakness in software security.

CVE-2021-21788 - HIGH Severity | CVSS 8.8

Vulnerability Description

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. A local attacker can send a malicious IRP to trigger this vulnerability.

Related Vulnerabilities

CVE-2021-21786

HIGH

CVSS:8.8(High)

A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privil...

CWE-7822021

CVE-2021-21787

HIGH

CVSS:8.8(High)

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in th...

CWE-7822021

CVE-2021-21789

HIGH

CVSS:8.8(High)

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in th...

CWE-7822021

CVE-2024-33220

HIGH

CVSS:8.8(High)

An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

CWE-7822024

CVE-2024-33222

HIGH

CVSS:8.4(High)

An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

CWE-7822024

CVE-2024-30804

CRITICAL

CVSS:9.8(Critical)

An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests.

CWE-7822024