Vulnerabilities > CVE-2022-42455 - Unspecified vulnerability in Asus Armoury Crate

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

asus

NVD

Published: 2023-02-15

Updated: 2023-02-24

Summary

ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Asus Asus Armoury Crate *	1

References

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0003.md