Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Motorola netOctopus代理nantsys.sys驱动本地权限提升漏洞
Vulnerability Description
Motorola netOctopus是一个资产管理代理,用于从集中的控制台部署软件、监控性能和配置客户端机器。 netOctopus的驱动实现上存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。 在客户端机器上所安装的netOctopus代理软件包含有nantsys.sys驱动,在每次系统启动时都会加载这个驱动,而这个驱动暴露了一个所有用户都可写的设备接口\\.\NantSys。nantsys.sys驱动允许读写任意CPU型号特定的寄存器(MSR),更改MSR值就会允许调节各种底层的CPU运算。本地攻击
CVSS Information
N/A
Vulnerability Type
N/A