Default Security Descriptor in EVGA Precision XOC v6.2.7 Allows Unauthorized Access to Sensitive Components and Data

Default Security Descriptor in EVGA Precision XOC v6.2.7 Allows Unauthorized Access to Sensitive Components and Data

CVE-2020-22057 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data.

Learn more about our Web Application Penetration Testing UK.