Memory Manipulation Vulnerability in ASUS Laptop BIOS
CVE-2021-26943

8.2HIGH

Key Information:

Vendor: Asus
Status: Ux360ca Bios
Vendor: CVE Published:; 31 March 2021

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-26943?

The UX360CA BIOS on ASUS laptops versions up to 303 is susceptible to a severe flaw that enables an attacker with ring 0 privileges to overwrite almost any physical memory location, including System Management RAM (SMRAM). This exploitation facilitates the execution of arbitrary code within the System Management Mode (SMM), potentially allowing malicious activities that compromise the integrity and security of the system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

SmmExploit
Created by tandasat

References

https://www.asus.com/support/FAQ/1045541/

x_refsource_CONFIRM

https://www.youtube.com/watch?v=1H3AfaVyeuk

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2021
Vulnerability Reserved
Feb 9, 2021
🟡
Public PoC available
Dec 31, 2020
👾
Exploit known to exist
Dec 31, 2020

JSON

Asus

Badges

What is CVE-2021-26943?

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V3.1

Timeline