Vulnerabilities > CVE-2018-18536 - Unspecified vulnerability in Asus Aura Sync Firmware 1.07.22

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
asus

Summary

The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Vulnerable Configurations

Part Description Count
OS
Asus
1
Hardware
Asus
1

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/150893/CORE-2017-0012.txt
idPACKETSTORM:150893
last seen2018-12-25
published2018-12-21
reporterCore Security Technologies
sourcehttps://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html
titleASUS Driver Privilege Escalation