Vulnerabilities > CVE-2018-18535 - Unspecified vulnerability in Asus Aura Sync Firmware 1.07.22
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/150893/CORE-2017-0012.txt |
id | PACKETSTORM:150893 |
last seen | 2018-12-25 |
published | 2018-12-21 |
reporter | Core Security Technologies |
source | https://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html |
title | ASUS Driver Privilege Escalation |
References
- http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html
- http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2018/Dec/34
- http://seclists.org/fulldisclosure/2018/Dec/34
- http://www.securityfocus.com/bid/106250
- http://www.securityfocus.com/bid/106250
- https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
- https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities