Indiscriminate, opportunistic targeting.
CVE-2018-19323 Severity level: Critical – A threat actor with local access to a vulnerable device can exploit this vulnerability to escalate their privilege.
CVE-2018-19322 Severity level: High – A threat actor with local access to a vulnerable device can exploit this vulnerability to run code with elevated privilege.
CVE-2018-19321 Severity level: High – A threat actor with local access to a vulnerable device can exploit this vulnerability to escalate their privilege.
CVE-2018-19320 Severity level: High – A threat actor can leverage this vulnerability to gain complete control of an affected device.
While CVE-2018-19320, CVE-2018-19321, CVE-2018-19322 and CVE-2018-19323 are older vulnerabilities, they have been added to the CISA Known Exploited Vulnerabilities catalog because threat actors have been seen exploiting them in recent attacks. Multiple proof-of-concept exploits for these vulnerabilities are available online.
To exploit these vulnerabilities, a threat actor requires valid user credentials for a vulnerable system. Successful exploitation could allow a threat actor to fully compromise a system or to load further code into sensitive system directories to maintain access.
Detection of the affected products within an organisation’s environment.
- GIGABYTE APP Center v1.05.21 and earlier
- AORUS GRAPHICS ENGINE before 1.57
- XTREME GAMING ENGINE before 1.26
- OC GURU II v2.08
Containment, Mitigations & Remediations
- GIGABYTE APP Center B19.0422.1 or later
- AORUS GRAPHICS ENGINE 1.57 or later
- XTREME GAMING ENGINE 1.27 or later
- OC GURU II v2.08, the utility is no longer available
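One way to carry out the detection step against the affected and fixed version lists above, as an added example that is not part of the original advisory: it classifies entries from a software inventory export. The inventory layout, host names and product-name substring matching are assumptions, and the sample rows are constructed.

```python
import re
# Thresholds come from the advisory's affected and fixed lists. Matching on
# product-name substrings and the inventory layout are assumptions.
def parse_version(text):
    """Return (is_build_scheme, numeric tuple), or None if unparseable."""
    m = re.fullmatch(r"v?\s*(B?)(\d+(?:\.\d+)*)", text.strip(), re.IGNORECASE)
    if not m:
        return None
    nums = [int(p) for p in m.group(2).split(".")]
    while len(nums) > 1 and nums[-1] == 0:  # treat 1.57.0 as 1.57
        nums.pop()
    return m.group(1).upper() == "B", tuple(nums)

def classify(product, version):
    """Return 'vulnerable', 'fixed', 'review' or 'not-listed' for one entry."""
    name = product.lower()
    parsed = parse_version(version)
    if "app center" in name:
        if parsed is None:
            return "review"
        if parsed[0]:  # fixed releases use the B-prefixed scheme (B19.0422.1)
            return "fixed" if parsed[1] >= (19, 422, 1) else "review"
        return "vulnerable" if parsed[1] <= (1, 5, 21) else "review"
    if "oc guru ii" in name:  # only v2.08 is listed and no fixed release exists
        return "vulnerable" if parsed == (False, (2, 8)) else "review"
    if "aorus graphics engine" in name:
        below, fixed = (1, 57), (1, 57)
    elif "xtreme gaming engine" in name:
        below, fixed = (1, 26), (1, 27)
    else:
        return "not-listed"
    if parsed is None or parsed[0]:
        return "review"
    if parsed[1] < below:
        return "vulnerable"
    # A version between the two lists (1.26 for XTREME) needs a manual check.
    return "fixed" if parsed[1] >= fixed else "review"

# Constructed sample inventory rows: (host, product, version).
SAMPLE = [
    ("ws-014", "GIGABYTE APP Center", "v1.05.21"),
    ("ws-022", "GIGABYTE APP Center", "B19.0422.1"),
    ("ws-031", "AORUS GRAPHICS ENGINE", "1.33"),
    ("ws-031", "XTREME GAMING ENGINE", "1.26"),
    ("ws-040", "OC GURU II", "v2.08"),
]

def triage(inventory):
    """Return the entries that need remediation or manual review."""
    return [(h, p, v, s) for h, p, v in inventory
            if (s := classify(p, v)) in ("vulnerable", "review")]
```

Version components are compared numerically, so an entry such as 1.6 is treated as older than 1.57; confirm the vendor's numbering before relying on a "fixed" result.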
Indicators of Compromise
No current IOCs have been released by GIGABYTE for any of these vulnerabilities.
No further information has been released about the threat actors utilising these vulnerabilities; however, exploit code for all of them is currently publicly available. It is therefore likely that these vulnerabilities will continue to be exploited opportunistically by malicious threat actors as they are discovered and shared across online forums.
No threat actor has been attributed to this exploitation.