Vulnerabilities > CVE-2018-18535 - Unspecified vulnerability in Asus Aura Sync Firmware 1.07.22

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
asus

Summary

The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.

Vulnerable Configurations

Part Description Count
OS
Asus
1
Hardware
Asus
1

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/150893/CORE-2017-0012.txt
idPACKETSTORM:150893
last seen2018-12-25
published2018-12-21
reporterCore Security Technologies
sourcehttps://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html
titleASUS Driver Privilege Escalation