What is the severity of CVE-2021-21788?

The severity of CVE-2021-21788 is high with a CVSS score of 8.8.

What is the affected software for CVE-2021-21788?

The affected software for CVE-2021-21788 is IOBit Advanced SystemCare Ultimate version 14.2.0.220.

What is the CWE for CVE-2021-21788?

The CWE for CVE-2021-21788 is CWE-782.

How does CVE-2021-21788 exploit work?

CVE-2021-21788 exploits a privilege escalation vulnerability in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests.

Is there a fix available for CVE-2021-21788?

There is no known fix available for CVE-2021-21788 at the moment. It is recommended to update to the latest version of the software and follow the vendor's security advisories for any patches or mitigations.

Vulnerability/
CVE-2021-21788

high

8.8

CWE

782

7/7/2021

3/8/2024

CVE-2021-21788

First published: Wed Jul 07 2021(Updated: )

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. A local attacker can send a malicious IRP to trigger this vulnerability.

Credit: talos-cna@cisco.com

Affected Software	Affected Version	How to fix
IOBit Advanced SystemCare Ultimate	=14.2.0.220

Never miss a vulnerability like this again

Reference Links

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254

Frequently Asked Questions

What is the severity of CVE-2021-21788?
The severity of CVE-2021-21788 is high with a CVSS score of 8.8.
What is the affected software for CVE-2021-21788?
The affected software for CVE-2021-21788 is IOBit Advanced SystemCare Ultimate version 14.2.0.220.
What is the CWE for CVE-2021-21788?
The CWE for CVE-2021-21788 is CWE-782.
How does CVE-2021-21788 exploit work?
CVE-2021-21788 exploits a privilege escalation vulnerability in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests.
Is there a fix available for CVE-2021-21788?
There is no known fix available for CVE-2021-21788 at the moment. It is recommended to update to the latest version of the software and follow the vendor's security advisories for any patches or mitigations.

collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/tags
agent/type
agent/event
agent/description
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/iobit
canonical/iobit advanced systemcare ultimate
version/iobit advanced systemcare ultimate/14.2.0.220

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.