CISA adds multiple GIGABYTE vulnerabilities to the Known Exploited Vulnerabilities Catalog

Target Industry

Indiscriminate, opportunistic targeting.

Overview

CVE-2018-19323 Severity level: Critical – A threat actor with local access to a vulnerable device can exploit this vulnerability to escalate their privilege.

CVE-2018-19322 Severity level: High – A threat actor with local access to a vulnerable device can exploit this vulnerability to run code with elevated privilege.

CVE-2018-19321 Severity level: High – A threat actor with local access to a vulnerable device can exploit this vulnerability to escalate their privilege.

CVE-2018-19320 Severity level: High – A threat actor can leverage this vulnerability to gain complete control of an affected device.

While CVE-2018-19320, CVE-2018-19321, CVE-2018-19322 and CVE-2018-19323 are older vulnerabilities, they have been added to the CISA Known Exploited Vulnerabilities Catalog because they have been seen being exploited by threat actors in recent attacks. Multiple proof-of-concept exploits are available online for these vulnerabilities.

Impact

To exploit these vulnerabilities a threat actor requires valid user credentials on a vulnerable system. Successful exploitation could allow a threat actor to fully compromise the system, or to load further code and maintain access to sensitive system directories.

Vulnerability Detection

Identify installations of the affected products listed below within the organisation’s environment.

Affected Products

  • GIGABYTE APP Center v1.05.21 and earlier
  • AORUS GRAPHICS ENGINE before 1.57
  • XTREME GAMING ENGINE before 1.26
  • OC GURU II v2.08

Containment, Mitigations & Remediations

Update to the following versions:

  • GIGABYTE APP Center B19.0422.1 or later
  • AORUS GRAPHICS ENGINE 1.57 or later
  • XTREME GAMING ENGINE 1.27 or later
  • OC GURU II v2.08: no fixed version exists, as the utility is no longer available
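The following is an added example, not code from the bulletin or from GIGABYTE, that inventories the affected utilities through the Windows Uninstall registry keys and classifies each install against the fixed versions listed above. It assumes each utility's DisplayName contains the product name as written in the bulletin; adjust the patterns if your builds register under different names.

```powershell
# Added example (not from the bulletin or GIGABYTE). Assumes the utilities register
# under the standard Uninstall keys with a DisplayName containing the product name.
$Products = @(
    @{ Pattern = 'AORUS GRAPHICS ENGINE'; FixedVersion = [version]'1.57' },    # before 1.57 affected
    @{ Pattern = 'XTREME GAMING ENGINE';  FixedVersion = [version]'1.27' },    # before 1.27 affected
    @{ Pattern = 'APP CENTER';            MaxAffected  = [version]'1.05.21' }, # fix B19.0422.1 uses another scheme
    @{ Pattern = 'OC GURU' }                                                   # withdrawn, no fixed release exists
)

function Get-GigabyteUtilityStatus {
    param([string]$DisplayName, [string]$DisplayVersion)
    foreach ($p in $Products) {
        # -match is case-insensitive, so 'APP CENTER' matches 'GIGABYTE APP Center'
        if ($DisplayName -notmatch [regex]::Escape($p.Pattern)) { continue }
        $v = $null
        $parsed = [version]::TryParse($DisplayVersion, [ref]$v)   # fails for 'B19.0422.1'-style strings
        $status = if (-not $p.ContainsKey('FixedVersion') -and -not $p.ContainsKey('MaxAffected')) { 'Vulnerable (no fixed release)' }
                  elseif (-not $parsed)                               { 'Review (version not parseable, compare manually)' }
                  elseif ($p.FixedVersion -and $v -lt $p.FixedVersion) { 'Vulnerable' }
                  elseif ($p.MaxAffected  -and $v -le $p.MaxAffected)  { 'Vulnerable' }
                  elseif ($p.FixedVersion)                             { 'Patched' }
                  else                                                 { 'Review (newer than 1.05.21 but not B-series)' }
        return [pscustomobject]@{ Product = $DisplayName; Version = $DisplayVersion; Status = $status }
    }
}

# 64-bit, 32-bit (WOW6432Node) and per-user install locations
$UninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'

Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object { Get-GigabyteUtilityStatus $_.DisplayName $_.DisplayVersion } |
    Where-Object { $_ } |
    Format-Table -AutoSize
```

Run it from an endpoint-management tool across the estate and treat every "Vulnerable" or "Review" row as a host to patch or examine.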

Indicators of Compromise

No current IOCs have been released by GIGABYTE for any of these vulnerabilities.

Threat Landscape

No further information has been released about the threat actors utilising these vulnerabilities; however, all four currently have publicly available exploit code. It is therefore almost certain that opportunistic exploitation of vulnerabilities such as these will continue as they are discovered and shared across online forums.

Threat Group

No threat actor has been attributed to this exploitation.

Mitre Methodologies

  • T1055 – Process Injection
  • T1543 – Create or Modify System Process
  • T1574 – Hijack Execution Flow
  • T1078 – Valid Accounts

Further Information

GIGABYTE Security Bulletin

CVE-2018-19320

CVE-2018-19321

CVE-2018-19322

CVE-2018-19323

CISA Known Exploited Vulnerabilities Catalog

Intelligence Terminology Yardstick