Vulnerabilities > CVE-2018-18536 - Unspecified vulnerability in Asus Aura Sync Firmware 1.07.22
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/150893/CORE-2017-0012.txt |
id | PACKETSTORM:150893 |
last seen | 2018-12-25 |
published | 2018-12-21 |
reporter | Core Security Technologies |
source | https://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html |
title | ASUS Driver Privilege Escalation |
References
- http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html
- http://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2018/Dec/34
- http://seclists.org/fulldisclosure/2018/Dec/34
- http://www.securityfocus.com/bid/106250
- http://www.securityfocus.com/bid/106250
- https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
- https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities