CVE-2024-55407

HIGH

ITE Tech. Inc. ITE IO Access <1.0.0.0 - RCE

Title source: llm

Description

An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests.

References (2)

[Various Sources] http://ite.com

[Various Sources] https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55407/CVE-2024-55407_Winio64.sys_README.md

View Writeup ZIP pw:eip

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 21.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1284

Status published

Published Jan 06, 2025

Tracked Since Feb 18, 2026