QwikSec

Security Database

CVE

CWE

Training

CVE-2017-3196

Published: Dec 15, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.

Vendor	Product	Versions
Printing Communications Assoc., Inc. (PCAUSA)	ASUS PCE-AC56 WLAN Card Utilities	affected `Unknown`

Weaknesses (CWE)

References

http://blog.rewolf.pl/blog/?p=1778

x_refsource_MISC

https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/

x_refsource_MISC

third-party-advisory

x_refsource_CERT-VN

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.