Cyber Resilience

CVE-2024-33219

High · Public PoC

Published: 22 May 2024

Modified: 18 April 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0012 (31.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-33219 is a high-severity Exposed IOCTL with Insufficient Access Control (CWE-782) vulnerability in Asus Sabertooth X99 Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 31.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability in the AsIO64.sys driver enables privilege escalation and arbitrary code execution via crafted IOCTL requests, which maps directly to T1068: Exploitation for Privilege Escalation.

Affected Assets

Vendor: asus
Product: sabertooth x99 firmware
Version: 1.0.1.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
