CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-55410

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00043/1

CVE-2024-55410 is a rejected or withdrawn CVE ID, meaning the described issue is not considered a valid vulnerability by the CVE Numbering Authority. This suggests the initial assessment was incorrect or the problem was resolved differently. Despite the rejection, it is important to understand why it was initially flagged. The SVRS score of 30 indicates a low level of associated risk, even if it were a valid vulnerability. The initial classification of "In The Wild" suggests it was believed to be actively exploited at one point. Organizations should verify the reason for the rejection to ensure no actual threat exists, even if the CVE itself is invalid. Reviewing internal systems is crucial to validate that the initial reported concern does not pose an unreported issue.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2025-01-07
LAST MODIFIED2025-01-23
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-55410 is a vulnerability in the Asus GPU Tweak II Program Driver v1.0.0.0, specifically in the 690b33e1-0462-4e84-9bea-c7552b45432a.sys component. This vulnerability allows attackers to execute arbitrary read and write actions by sending crafted IOCTL requests. This could potentially lead to data breaches, system compromises, and denial-of-service attacks.

While the CVSS score is 7.8, indicating a high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 42, which signifies a moderate risk. This indicates that while the vulnerability itself is serious, it may not be actively exploited in the wild or by known threat actors at this time.

Key Insights

  • Vulnerability Type: This is a local privilege escalation vulnerability. Attackers would need to have local access to the affected system to exploit it.
  • Impact: Successful exploitation could allow attackers to gain full control over the affected system, potentially leading to data theft, system manipulation, or denial-of-service attacks.
  • Affected Software: The Asus GPU Tweak II Program Driver v1.0.0.0 is the only confirmed affected software.
  • Exploit Status: Currently, there is no publicly available exploit code for this vulnerability. However, it is possible that private exploit tools might exist.

Mitigation Strategies

  • Patching: Update the Asus GPU Tweak II Program Driver to the latest version as soon as possible. This will patch the vulnerability and prevent attackers from exploiting it.
  • Network Segmentation: Implement network segmentation to isolate the affected system from other critical systems. This will limit the impact of a successful attack.
  • Access Control: Implement strong access control measures to restrict access to the affected system and its associated resources. This will help prevent unauthorized access and exploitation of the vulnerability.
  • Security Monitoring: Implement robust security monitoring solutions to detect any suspicious activity that might indicate an attempt to exploit the vulnerability.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-55410 | Asus GPU Tweak II Program Driver 1.0.0.0 IOCTL 690b33e1-0462-4e84-9bea-c7552b45432a.sys Privilege Escalation
vuldb.com2025-01-07
CVE-2024-55410 | Asus GPU Tweak II Program Driver 1.0.0.0 IOCTL 690b33e1-0462-4e84-9bea-c7552b45432a.sys Privilege Escalation | A vulnerability, which was classified as critical, has been found in Asus GPU Tweak II Program Driver 1.0.0.0. Affected by this issue is some unknown functionality in the library 690b33e1-0462-4e84-9bea-c7552b45432a.sys of the component IOCTL Handler. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE
vuldb.com
rss
forum
news

Social Media

CVE-2024-55410 An issue in the 690b33e1-0462-4e84-9bea-c7552b45432a.sys component of Asus GPU Tweak II Program Driver v1.0.0.0 allows attackers to perform arbitrary read and write a… https://t.co/xFD4PCDLN0
0
0
0
CVE-2024-55410 Arbitrary Read/Write in Asus GPU Tweak II via IOCTL Requests The 690b33e1-0462-4e84-9bea-c7552b45432a.sys part of the Asus GPU Tweak II Program Driver version 1.0.0.0 has a problem. Attackers can u... https://t.co/oE4iPM0Ogh
0
0
1

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]http://asus.com
[email protected]https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55410/CVE-2024-55410_690b33e1-0462-4e84-9bea-c7552b45432a.sys_README.md

CWE Details

CWE IDCWE NameDescription
CWE-1284Improper Validation of Specified Quantity in InputThe product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence