CVE-2024-33219
Published: 22 May 2024
Summary
CVE-2024-33219 is a high-severity Exposed IOCTL with Insufficient Access Control (CWE-782) vulnerability in Asus Sabertooth X99 Firmware. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 31.1st percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-30964
Vulnerability details
An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code by sending crafted IOCTL requests.
- CWE(s): CWE-782 (Exposed IOCTL with Insufficient Access Control)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in the AsIO64.sys driver enables privilege escalation and arbitrary code execution via crafted IOCTL requests, which maps directly to T1068: Exploitation for Privilege Escalation.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.