Wednesday, July 7, 2021

Vulnerability Spotlight: Information disclosure, privilege escalation vulnerabilities in IOBit Advanced SystemCare Ultimate



Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered multiple vulnerabilities in IOBit Advanced SystemCare Ultimate. 

IOBit Advanced SystemCare Ultimate is a system optimizer that promises to remove unwanted files and applications from PCs to improve performance. The software allows users to view services running on their computer, processes that are using a large amount of memory and updates for other software. These vulnerabilities all exist in a monitoring driver in the software.

TALOS-2021-1255 (CVE-2021-21790 - CVE-2021-21792) and TALOS-2021-1252 (CVE-2021-21785) are information disclosure vulnerabilities that an attacker could trigger by tricking the user into opening a specially crafted I/O request packet (IRP). 

An attacker could use the same method to also exploit TALOS-2021-1254 (CVE-2021-21787 - CVE-2021-21789) and TALOS-2021-1253 (CVE-2021-21786). These vulnerabilities could allow unprivileged users to obtain escalated privileges. 

Talos is disclosing these vulnerabilities despite no official update from IOBit within the 90-day deadline, as outlined in Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: IOBit Advanced SystemCare Ultimate, version 14.2.0.220. Talos tested and confirmed that this version of Advanced SystemCare Ultimate could be exploited by these vulnerabilities.

The following SNORT® rules will detect exploitation attempts against these vulnerabilities: 57189 and 57190. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
