Strix
26.1K

CVE-2021-31727

HIGHCVSS 7.8/10EPSS 0.37%

Last modified

CVE-2021-31727 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register with the driver using IOCTL 0x80002010 and send these IOCTL's to escalate privileges by overwriting the boot sector or overwriting critical code in the pagefile.. EPSS estimates a 0.37% chance of exploitation in the next 30 days.

Description

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register with the driver using IOCTL 0x80002010 and send these IOCTL's to escalate privileges by overwriting the boot sector or overwriting critical code in the pagefile.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.37%

28.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
MalwarefoxAntimalware2.74.0.150

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-31727?
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register with the driver using IOCTL 0x80002010 and send these IOCTL's to escalate privileges by overwriting the boot sector or overwriting critical code in the pagefile.
How severe is CVE-2021-31727?
CVE-2021-31727 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.37% probability of exploitation in the next 30 days.
How do I fix CVE-2021-31727?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-31727?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST